Analysis Report
Overview
| General Information | |
|---|---|
| Joe Sandbox Version: | 21.0.0 |
| Analysis ID: | 485992 |
| Start time: | 16:18:02 |
| Joe Sandbox Product: | Cloud |
| Start date: | 22.01.2018 |
| Overall analysis duration: | 0h 13m 59s |
| Hypervisor based Inspection enabled: | false |
| Report type: | full |
| Sample file name: | Xtaqxu6frQ (renamed file extension from none to exe) |
| Cookbook file name: | default.jbs |
| Analysis system description: | Windows 7 (Office 2010 SP2, Java 1.8.0_40, Flash 16.0.0.305, Acrobat Reader 11.0.08, Internet Explorer 11, Chrome 55, Firefox 43) |
| Number of new started processes analysed: | 21 |
| Number of new started drivers analysed: | 0 |
| Number of existing processes analysed: | 0 |
| Number of existing drivers analysed: | 0 |
| Number of injected processes analysed: | 0 |
| Technologies: | |
| Detection: | MAL |
| Classification: | mal84.evad.spre.adwa.phis.spyw.troj.winEXE@25/41@29/1 |
| HCA Information: | |
| EGA Information: | |
| Warnings: | |
Detection

| Strategy | Score | Range | Reporting | Detection |
|---|---|---|---|---|
| Threshold | 84 | 0 - 100 | | |

Confidence

| Strategy | Score | Range | Further Analysis Required? | Confidence |
|---|---|---|---|---|
| Threshold | 5 | 0 - 5 | false | |

Classification

Analysis Advice

| Analysis Advice |
|---|
| Sample has a GUI, but Joe Sandbox has not found any clickable buttons; more UI automation would likely extend the observed behavior |
| Sample is looking for USB drives. Launch the sample with the USB Fake Disk cookbook |
| Sample monitors Window changes (e.g. starting applications); analyze the sample with the 'Simulates keyboard and window changes' cookbook |
| Sample tries to load a library which is not present or installed on the analysis machine; adding the library might reveal more behavior |
Signature Overview
| Key, Mouse, Clipboard, Microphone and Screen Capturing | | |
|---|---|---|
| Contains functionality to capture screen (.Net source) | | |
| Source: 4.2.fero.exe.680000.1.raw.unpack, OK.cs | .Net Code: | |
| Source: 8.2.chrome64x.exe.6a0000.1.raw.unpack, OK.cs | .Net Code: | |
| Source: 16.2.chrome64x.exe.550000.1.raw.unpack, OK.cs | .Net Code: | |
| Source: 18.2.chrome64x.exe.3b0000.1.raw.unpack, OK.cs | .Net Code: | |
| Networking | | |
|---|---|---|
| Found strings which match to known social media urls | | |
| Source: fero.exe | String found in binary or memory: | |
| Source: AcroRd32.exe | String found in binary or memory: | |
| Source: AcroRd32.exe | String found in binary or memory: | |
| Source: AcroRd32.exe | String found in binary or memory: | |
| Performs DNS lookups | | |
| Source: unknown | DNS traffic detected: | |
| Urls found in memory or binary data | | |
| Source: fero.exe | String found in binary or memory: | |
| Source: fero.exe | String found in binary or memory: | |
| Source: fero.exe | String found in binary or memory: | |
| Source: fero.exe | String found in binary or memory: | |
| Source: fero.exe | String found in binary or memory: | |
| Source: AcroRd32.exe | String found in binary or memory: | |
| Source: AcroRd32.exe | String found in binary or memory: | |
| Source: AcroRd32.exe | String found in binary or memory: | |
| Source: AcroRd32.exe | String found in binary or memory: | |
| Source: AcroRd32.exe | String found in binary or memory: | |
| Source: AcroRd32.exe | String found in binary or memory: | |
| Source: AcroRd32.exe | String found in binary or memory: | |
| Source: AcroRd32.exe | String found in binary or memory: | |
| Source: fire and fury.pdf | String found in binary or memory: | |
| Source: AcroRd32.exe | String found in binary or memory: | |
| Source: AcroRd32.exe | String found in binary or memory: | |
| Source: fire and fury.pdf | String found in binary or memory: | |
| Source: fire and fury.pdf | String found in binary or memory: | |
| Source: fire and fury.pdf | String found in binary or memory: | |
| Source: fire and fury.pdf | String found in binary or memory: | |
| Source: AcroRd32.exe | String found in binary or memory: | |
| Source: AcroRd32.exe | String found in binary or memory: | |
| Source: AcroRd32.exe | String found in binary or memory: | |
| Source: AcroRd32.exe | String found in binary or memory: | |
| Source: AcroRd32.exe | String found in binary or memory: | |
| Source: AcroRd32.exe | String found in binary or memory: | |
| Source: AcroRd32.exe | String found in binary or memory: | |
| Source: AcroRd32.exe | String found in binary or memory: | |
| Source: AcroRd32.exe | String found in binary or memory: | |
| Source: AcroRd32.exe | String found in binary or memory: | |
| Source: AcroRd32.exe | String found in binary or memory: | |
| Source: AcroRd32.exe | String found in binary or memory: | |
| Source: AcroRd32.exe | String found in binary or memory: | |
| Source: AcroRd32.exe | String found in binary or memory: | |
| Source: AcroRd32.exe | String found in binary or memory: | |
| Source: AcroRd32.exe | String found in binary or memory: | |
| Source: AcroRd32.exe | String found in binary or memory: | |
| Source: AcroRd32.exe | String found in binary or memory: | |
| Source: AcroRd32.exe | String found in binary or memory: | |
| Source: AcroRd32.exe | String found in binary or memory: | |
| Source: AcroRd32.exe | String found in binary or memory: | |
| Source: AcroRd32.exe | String found in binary or memory: | |
| Source: AcroRd32.exe | String found in binary or memory: | |
| Source: AcroRd32.exe | String found in binary or memory: | |
| Source: AcroRd32.exe | String found in binary or memory: | |
| Source: AcroRd32.exe | String found in binary or memory: | |
| Source: AcroRd32.exe | String found in binary or memory: | |
| Source: AcroRd32.exe | String found in binary or memory: | |
| Source: AcroRd32.exe | String found in binary or memory: | |
| Source: AcroRd32.exe | String found in binary or memory: | |
| Source: AcroRd32.exe | String found in binary or memory: | |
| Source: AcroRd32.exe | String found in binary or memory: | |
| Source: AcroRd32.exe | String found in binary or memory: | |
| Source: 1E11E75149C17A93653DA7DC0B8CF53F_7AF31CAFD5EA10EF3F1F95E6796CFF64.2.dr | String found in binary or memory: | |
| Source: 7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6.2.dr | String found in binary or memory: | |
| Source: AcroRd32.exe | String found in binary or memory: | |
| Source: AcroRd32.exe | String found in binary or memory: | |
| Source: AcroRd32.exe | String found in binary or memory: | |
| Source: AcroRd32.exe | String found in binary or memory: | |
| Source: AcroRd32.exe | String found in binary or memory: | |
| Source: AcroRd32.exe | String found in binary or memory: | |
| Source: AcroRd32.exe | String found in binary or memory: | |
| Source: fire and fury.pdf | String found in binary or memory: | |
| Source: AcroRd32.exe | String found in binary or memory: | |
| Source: AcroRd32.exe | String found in binary or memory: | |
| Source: AcroRd32.exe | String found in binary or memory: | |
| Source: AcroRd32.exe, UserCache.bin.6.dr | String found in binary or memory: | |
| Source: AcroRd32.exe, UserCache.bin.6.dr | String found in binary or memory: | |
| Source: AcroRd32.exe | String found in binary or memory: | |
| Source: AcroRd32.exe | String found in binary or memory: | |
| Source: AcroRd32.exe | String found in binary or memory: | |
| Source: AcroRd32.exe | String found in binary or memory: | |
| Source: AcroRd32.exe | String found in binary or memory: | |
| Source: AcroRd32.exe | String found in binary or memory: | |
| Source: AcroRd32.exe | String found in binary or memory: | |
| Source: AcroRd32.exe | String found in binary or memory: | |
| Source: AcroRd32.exe | String found in binary or memory: | |
| Source: AcroRd32.exe | String found in binary or memory: | |
| Source: AcroRd32.exe | String found in binary or memory: | |
| Source: AcroRd32.exe | String found in binary or memory: | |
| Source: AcroRd32.exe | String found in binary or memory: | |
| Source: AcroRd32.exe | String found in binary or memory: | |
| Source: AcroRd32.exe | String found in binary or memory: | |
| Source: AcroRd32.exe | String found in binary or memory: | |
| Source: AcroRd32.exe | String found in binary or memory: | |
| Source: AcroRd32.exe | String found in binary or memory: | |
| Source: AcroRd32.exe | String found in binary or memory: | |
| Source: AcroRd32.exe | String found in binary or memory: | |
| Source: AcroRd32.exe | String found in binary or memory: | |
| Source: AcroRd32.exe | String found in binary or memory: | |
| Source: AcroRd32.exe | String found in binary or memory: | |
| Source: AcroRd32.exe | String found in binary or memory: | |
| Source: fire and fury.pdf | String found in binary or memory: | |
| Source: AcroRd32.exe | String found in binary or memory: | |
| Source: fire and fury.pdf | String found in binary or memory: | |
| Source: AcroRd32.exe | String found in binary or memory: | |
| Source: AcroRd32.exe | String found in binary or memory: | |
| Source: AcroRd32.exe | String found in binary or memory: | |
| Source: AcroRd32.exe | String found in binary or memory: | |
| Source: AcroRd32.exe | String found in binary or memory: | |
| Source: AcroRd32.exe | String found in binary or memory: | |
| Source: AcroRd32.exe | String found in binary or memory: | |
| Source: AcroRd32.exe | String found in binary or memory: | |
| Source: AcroRd32.exe | String found in binary or memory: | |
| Source: AcroRd32.exe | String found in binary or memory: | |
| Source: AcroRd32.exe | String found in binary or memory: | |
| Source: AcroRd32.exe | String found in binary or memory: | |
| Source: AcroRd32.exe | String found in binary or memory: | |
| Source: AcroRd32.exe | String found in binary or memory: | |
| Source: AcroRd32.exe | String found in binary or memory: | |
| Source: AcroRd32.exe | String found in binary or memory: | |
| Source: AcroRd32.exe | String found in binary or memory: | |
| Source: ReaderMessages-journal.6.dr | String found in binary or memory: | |
| Source: AcroRd32.exe | String found in binary or memory: | |
| Source: AcroRd32.exe | String found in binary or memory: | |
| Source: AcroRd32.exe | String found in binary or memory: | |
| Source: AcroRd32.exe | String found in binary or memory: | |
| Source: AcroRd32.exe | String found in binary or memory: | |
| Detected TCP or UDP traffic on non-standard ports | | |
| Source: global traffic | TCP traffic: | |
| Uses dynamic DNS services | | |
| Source: unknown | DNS query: | |
| Boot Survival | | |
|---|---|---|
| Creates an autostart registry key | | |
| Source: C:\Users\user\AppData\Local\Temp\chrome64x.exe | Registry value created or modified: | |
| Source: C:\Users\user\AppData\Local\Temp\chrome64x.exe | Registry value created or modified: | |
| Source: C:\Users\user\AppData\Local\Temp\chrome64x.exe | Registry value created or modified: | |
| Source: C:\Users\user\AppData\Local\Temp\chrome64x.exe | Registry value created or modified: | |
| Creates a start menu entry (Start Menu\Programs\Startup) | | |
| Source: C:\Users\user\AppData\Local\Temp\chrome64x.exe | File created: | |
| Stores files to the Windows start menu directory | | |
| Source: C:\Users\user\AppData\Local\Temp\chrome64x.exe | File created: | |
| Creates autostart registry keys with suspicious names | | |
| Source: C:\Users\user\AppData\Local\Temp\chrome64x.exe | Registry value created or modified: | |
| Drops PE files to the startup folder | | |
| Source: C:\Users\user\AppData\Local\Temp\chrome64x.exe | File created: | |
| Persistence and Installation Behavior | | |
|---|---|---|
| Drops PE files | | |
| Source: C:\Users\user\AppData\Local\Temp\chrome64x.exe | File created: | |
| Source: C:\Users\user\Desktop\fero.exe | File created: | |
| Source: C:\Users\user\Desktop\Xtaqxu6frQ.exe | File created: | |
| Data Obfuscation | | |
|---|---|---|
| Binary may include packed or encrypted code | | |
| Source: initial sample | Static PE information: | |
| Source: initial sample | Static PE information: | |
| File is packed with WinRar | | |
| Source: C:\Users\user\Desktop\Xtaqxu6frQ.exe | File created: | |
| Uses code obfuscation techniques (call, push, ret) | | |
| Source: C:\Users\user\Desktop\Xtaqxu6frQ.exe | Code function: | 1_2_01391422 |
| Source: C:\Users\user\Desktop\Xtaqxu6frQ.exe | Code function: | 1_2_013920E9 |
| .NET source code contains potential unpacker | | |
| Source: 4.2.fero.exe.680000.1.raw.unpack, OK.cs | .Net Code: | |
| Source: 8.2.chrome64x.exe.6a0000.1.raw.unpack, OK.cs | .Net Code: | |
| Source: 16.2.chrome64x.exe.550000.1.raw.unpack, OK.cs | .Net Code: | |
| Source: 18.2.chrome64x.exe.3b0000.1.raw.unpack, OK.cs | .Net Code: | |
| Spreading | | |
|---|---|---|
| Contains functionality to enumerate / list files inside a directory | | |
| Source: C:\Users\user\Desktop\Xtaqxu6frQ.exe | Code function: | 1_2_0138ECFC |
| Source: C:\Users\user\Desktop\Xtaqxu6frQ.exe | Code function: | 1_2_0139C562 |
| Source: C:\Users\user\Desktop\Xtaqxu6frQ.exe | Code function: | 1_2_01382816 |
| Contains functionality to spread to USB devices (.Net source) | | |
| Source: 4.2.fero.exe.680000.1.raw.unpack, OK.cs | .Net Code: | |
| Source: 8.2.chrome64x.exe.6a0000.1.raw.unpack, OK.cs | .Net Code: | |
| Source: 16.2.chrome64x.exe.550000.1.raw.unpack, OK.cs | .Net Code: | |
| Source: 18.2.chrome64x.exe.3b0000.1.raw.unpack, OK.cs | .Net Code: | |
| May infect USB drives | | |
| Source: fero.exe | Binary or memory string: | |
| Source: fero.exe | Binary or memory string: | |
| System Summary | | |
|---|---|---|
| Found graphical window changes (likely an installer) | | |
| Source: Window Recorder | Window detected: | |
| Uses Microsoft Silverlight | | |
| Source: C:\Users\user\Desktop\fero.exe | File opened: | |
| Submission file is bigger than most known malware samples | | |
| Source: Xtaqxu6frQ.exe | Static file information: | |
| Uses new MSVCR Dlls | | |
| Source: C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe | File opened: | |
| PE file contains a mix of data directories often seen in goodware | | |
| Source: Xtaqxu6frQ.exe | Static PE information: | |
| Source: Xtaqxu6frQ.exe | Static PE information: | |
| Source: Xtaqxu6frQ.exe | Static PE information: | |
| Source: Xtaqxu6frQ.exe | Static PE information: | |
| Source: Xtaqxu6frQ.exe | Static PE information: | |
| Source: Xtaqxu6frQ.exe | Static PE information: | |
| Contains modern PE file flags such as dynamic base (ASLR) or NX | | |
| Source: Xtaqxu6frQ.exe | Static PE information: | |
| PE file contains a debug data directory | | |
| Source: Xtaqxu6frQ.exe | Static PE information: | |
| Binary contains paths to debug symbols | | |
| Source: | Binary string: | |
| Source: | Binary string: | |
| Source: | Binary string: | |
| PE file contains a valid data directory to section mapping | | |
| Source: Xtaqxu6frQ.exe | Static PE information: | |
| Source: Xtaqxu6frQ.exe | Static PE information: | |
| Source: Xtaqxu6frQ.exe | Static PE information: | |
| Source: Xtaqxu6frQ.exe | Static PE information: | |
| Source: Xtaqxu6frQ.exe | Static PE information: | |
| .NET source code contains calls to encryption/decryption functions | | |
| Source: chrome64x.exe.4.dr, Form1.cs | Cryptographic APIs: | |
| Source: f39b6b3505175465947b62295a9a0ae2.exe.8.dr, Form1.cs | Cryptographic APIs: | |
| Binary contains paths to development resources | | |
| Source: Xtaqxu6frQ.exe | Binary or memory string: | |
| Classification label | | |
| Source: classification engine | Classification label: | |
| Creates files inside the user directory | | |
| Source: C:\Users\user\Desktop\Xtaqxu6frQ.exe | File created: | |
| Creates temporary files | | |
| Source: C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe | File created: | |
| Launches a second explorer.exe instance | | |
| Source: unknown | Process created: | |
| Source: unknown | Process created: | |
| Source: unknown | Process created: | |
| Source: unknown | Process created: | |
| Source: unknown | Process created: | |
| Source: unknown | Process created: | |
| PE file has an executable .text section and no other executable section | | |
| Source: Xtaqxu6frQ.exe | Static PE information: | |
| Parts of this application are using the .NET runtime (probably coded in C#) | | |
| Source: C:\Users\user\Desktop\fero.exe | Section loaded: | |
| Source: C:\Users\user\AppData\Local\Temp\chrome64x.exe | Section loaded: | |
| Source: C:\Users\user\AppData\Local\Temp\chrome64x.exe | Section loaded: | |
| Source: C:\Users\user\AppData\Local\Temp\chrome64x.exe | Section loaded: | |
| Reads ini files | | |
| Source: C:\Users\user\Desktop\Xtaqxu6frQ.exe | File read: | |
| Reads software policies | | |
| Source: C:\Users\user\Desktop\Xtaqxu6frQ.exe | Key opened: | |
| Spawns processes | | |
| Source: unknown | Process created: | |
| Source: unknown | Process created: | |
| Source: unknown | Process created: | |
| Source: unknown | Process created: | |
| Source: unknown | Process created: | |
| Source: unknown | Process created: | |
| Source: unknown | Process created: | |
| Source: unknown | Process created: | |
| Source: unknown | Process created: | |
| Source: unknown | Process created: | |
| Source: unknown | Process created: | |
| Source: unknown | Process created: | |
| Source: unknown | Process created: | |
| Source: unknown | Process created: | |
| Source: unknown | Process created: | |
| Source: unknown | Process created: | |
| Source: C:\Users\user\Desktop\Xtaqxu6frQ.exe | Process created: | |
| Source: C:\Users\user\Desktop\Xtaqxu6frQ.exe | Process created: | |
| Source: C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe | Process created: | |
| Source: C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe | Process created: | |
| Source: C:\Users\user\Desktop\fero.exe | Process created: | |
| Source: C:\Users\user\AppData\Local\Temp\chrome64x.exe | Process created: | |
| Source: C:\Windows\explorer.exe | Process created: | |
| Source: C:\Windows\explorer.exe | Process created: | |
| Uses an in-process (OLE) Automation server | | |
| Source: C:\Users\user\Desktop\Xtaqxu6frQ.exe | Key value queried: | |
| PE file has an executable .text section which is very likely to contain packed code (zlib compression ratio < 0.3) | | |
| Source: chrome64x.exe.4.dr | Static PE information: | |
| Source: f39b6b3505175465947b62295a9a0ae2.exe.8.dr | Static PE information: | |
| Contains functionality to call native functions | | |
| Source: C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe | Code function: | 5_2_00579E90 |
| Source: C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe | Code function: | 5_2_005799D0 |
| Source: C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe | Code function: | 5_2_00579890 |
| Source: C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe | Code function: | 5_2_00579B50 |
| Source: C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe | Code function: | 5_2_00579AD0 |
| Source: C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe | Code function: | 5_2_00579850 |
| Source: C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe | Code function: | 5_2_00579800 |
| Source: C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe | Code function: | 5_2_00579B10 |
| Source: C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe | Code function: | 5_2_00579A10 |
| Source: C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe | Code function: | 5_2_00579A50 |
| Source: C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe | Code function: | 5_2_00579910 |
| Source: C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe | Code function: | 6_2_00177250 |
| Source: C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe | Code function: | 6_2_001772D0 |
| Source: C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe | Code function: | 6_2_00177350 |
| Source: C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe | Code function: | 6_2_00177110 |
| Source: C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe | Code function: | 6_2_00177690 |
| Source: C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe | Code function: | 6_2_00177390 |
| Source: C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe | Code function: | 6_2_00177050 |
| Source: C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe | Code function: | 6_2_00177310 |
| Source: C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe | Code function: | 6_2_00177000 |
| Source: C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe | Code function: | 6_2_00177090 |
| Source: C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe | Code function: | 6_2_001771D0 |
| Source: C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe | Code function: | 6_2_00177210 |
| Creates files inside the system directory | | |
| Source: C:\Windows\explorer.exe | File created: | |
| Detected potential crypto function | | |
| Source: C:\Users\user\Desktop\Xtaqxu6frQ.exe | Code function: | 1_2_01387058 |
| Source: C:\Users\user\Desktop\Xtaqxu6frQ.exe | Code function: | 1_2_01389E79 |
| Source: C:\Users\user\Desktop\Xtaqxu6frQ.exe | Code function: | 1_2_013A3064 |
| Source: C:\Users\user\Desktop\Xtaqxu6frQ.exe | Code function: | 1_2_013931E4 |
| Source: C:\Users\user\Desktop\Xtaqxu6frQ.exe | Code function: | 1_2_01384D7F |
| Source: C:\Users\user\Desktop\Xtaqxu6frQ.exe | Code function: | 1_2_0139E640 |
| Source: C:\Users\user\Desktop\Xtaqxu6frQ.exe | Code function: | 1_2_013843C7 |
| Source: C:\Users\user\Desktop\Xtaqxu6frQ.exe | Code function: | 1_2_01383FAF |
| Source: C:\Users\user\Desktop\Xtaqxu6frQ.exe | Code function: | 1_2_0139EAEE |
| Source: C:\Users\user\Desktop\Xtaqxu6frQ.exe | Code function: | 1_2_01384948 |
| Source: C:\Users\user\Desktop\Xtaqxu6frQ.exe | Code function: | 1_2_01394362 |
| Source: C:\Users\user\Desktop\Xtaqxu6frQ.exe | Code function: | 1_2_01381595 |
| Source: C:\Users\user\Desktop\Xtaqxu6frQ.exe | Code function: | 1_2_013936E0 |
| Source: C:\Users\user\Desktop\Xtaqxu6frQ.exe | Code function: | 1_2_01393F2D |
| Source: C:\Users\user\Desktop\Xtaqxu6frQ.exe | Code function: | 1_2_01393AF8 |
| Source: C:\Users\user\Desktop\Xtaqxu6frQ.exe | Code function: | 1_2_0138929D |
| Source: C:\Users\user\Desktop\Xtaqxu6frQ.exe | Code function: | 1_2_013970A2 |
| Found potential string decryption / allocating functions | | |
| Source: C:\Users\user\Desktop\Xtaqxu6frQ.exe | Code function: | |
| PE file contains executable resources (Code or Archives) | | |
| Source: Xtaqxu6frQ.exe | Static PE information: | |
| Reads the hosts file | | |
| Source: C:\Users\user\AppData\Local\Temp\chrome64x.exe | File read: | |
| Sample file name differs from the original file name gathered from version info | | |
| Source: Xtaqxu6frQ.exe | Binary or memory string: | |
| Source: Xtaqxu6frQ.exe | Binary or memory string: | |
| Source: Xtaqxu6frQ.exe | Binary or memory string: | |
| Source: Xtaqxu6frQ.exe | Binary or memory string: | |
| Source: Xtaqxu6frQ.exe | Binary or memory string: | |
| Source: Xtaqxu6frQ.exe | Binary or memory string: | |
| Source: Xtaqxu6frQ.exe | Binary or memory string: | |
| Sample reads its own file content | | |
| Source: C:\Users\user\Desktop\Xtaqxu6frQ.exe | File read: | |
| Tries to load missing DLLs | | |
| Source: C:\Users\user\Desktop\Xtaqxu6frQ.exe | Section loaded: | |
| Source: C:\Users\user\Desktop\Xtaqxu6frQ.exe | Section loaded: | |
| Source: C:\Users\user\Desktop\Xtaqxu6frQ.exe | Section loaded: | |
| Source: C:\Users\user\Desktop\Xtaqxu6frQ.exe | Section loaded: | |
| Source: C:\Users\user\Desktop\Xtaqxu6frQ.exe | Section loaded: | |
| Source: C:\Users\user\Desktop\Xtaqxu6frQ.exe | Section loaded: | |
| HIPS / PFW / Operating System Protection Evasion | | |
|---|---|---|
| May try to detect the Windows Explorer process (often used for injection) | | |
| Source: AcroRd32.exe | Binary or memory string: | |
| Source: AcroRd32.exe | Binary or memory string: | |
| Source: AcroRd32.exe | Binary or memory string: | |
| Creates a process in suspended mode (likely to inject code) | | |
| Source: C:\Users\user\Desktop\Xtaqxu6frQ.exe | Process created: | |
| Source: C:\Users\user\Desktop\Xtaqxu6frQ.exe | Process created: | |
| Source: C:\Users\user\Desktop\fero.exe | Process created: | |
| Source: C:\Users\user\AppData\Local\Temp\chrome64x.exe | Process created: | |
| Anti Debugging | | |
|---|---|---|
| Contains functionality to register its own exception handler | | |
| Source: C:\Users\user\Desktop\Xtaqxu6frQ.exe | Code function: | 1_2_01392035 |
| Source: C:\Users\user\Desktop\Xtaqxu6frQ.exe | Code function: | 1_2_01391EA3 |
| Source: C:\Users\user\Desktop\Xtaqxu6frQ.exe | Code function: | 1_2_0139A2D5 |
| Source: C:\Users\user\Desktop\Xtaqxu6frQ.exe | Code function: | 1_2_01392327 |
| Creates guard pages, often used to prevent reverse engineering and debugging | | |
| Source: C:\Users\user\Desktop\fero.exe | Memory allocated: | |
| Checks for debuggers (devices) | | |
| Source: C:\Windows\explorer.exe | File opened: | |
| Source: C:\Windows\explorer.exe | File opened: | |
| Source: C:\Windows\explorer.exe | File opened: | |
| Checks for kernel debuggers (NtQuerySystemInformation(SystemKernelDebuggerInformation)) | | |
| Source: C:\Users\user\Desktop\fero.exe | System information queried: | |
| Contains functionality to check if a debugger is running (IsDebuggerPresent) | | |
| Source: C:\Users\user\Desktop\Xtaqxu6frQ.exe | Code function: | 1_2_01391EA3 |
| Contains functionality to read the PEB | | |
| Source: C:\Users\user\Desktop\Xtaqxu6frQ.exe | Code function: | 1_2_013991B4 |
| Contains functionality which may be used to detect a debugger (GetProcessHeap) | | |
| Source: C:\Users\user\Desktop\Xtaqxu6frQ.exe | Code function: | 1_2_0139D230 |
| Enables debug privileges | | |
| Source: C:\Users\user\AppData\Local\Temp\chrome64x.exe | Process token adjusted: | |
| Malware Analysis System Evasion | | |
|---|---|---|
| Contains functionality to enumerate / list files inside a directory | | |
| Source: C:\Users\user\Desktop\Xtaqxu6frQ.exe | Code function: | 1_2_0138ECFC |
| Source: C:\Users\user\Desktop\Xtaqxu6frQ.exe | Code function: | 1_2_0139C562 |
| Source: C:\Users\user\Desktop\Xtaqxu6frQ.exe | Code function: | 1_2_01382816 |
| Contains functionality to query system information | | |
| Source: C:\Users\user\Desktop\Xtaqxu6frQ.exe | Code function: | 1_2_01390F5F |
| Program exit points | | |
| Source: C:\Users\user\Desktop\Xtaqxu6frQ.exe | API call chain: | graph_1-20380 |
| Found a high number of Window / User specific system calls (may be a loop to detect user behavior) | | |
| Source: C:\Users\user\AppData\Local\Temp\chrome64x.exe | Window / User API: | |
| May sleep (evasive loops) to hinder dynamic analysis | | |
| Source: C:\Users\user\AppData\Local\Temp\chrome64x.exe TID: 3944 | Thread sleep count: | |
| Source: C:\Users\user\AppData\Local\Temp\chrome64x.exe TID: 2456 | Thread sleep time: | |
| Source: C:\Windows\explorer.exe TID: 4004 | Thread sleep time: | |
| Source: C:\Windows\explorer.exe TID: 4064 | Thread sleep time: | |
| Source: C:\Windows\explorer.exe TID: 4080 | Thread sleep time: | |
| Source: C:\Windows\explorer.exe TID: 4076 | Thread sleep time: | |
| Source: C:\Windows\explorer.exe TID: 2116 | Thread sleep time: | |
| Source: C:\Users\user\AppData\Local\Temp\chrome64x.exe TID: 2408 | Thread sleep time: | |
| Source: C:\Users\user\AppData\Local\Temp\chrome64x.exe TID: 2156 | Thread sleep time: | |
| Hooking and other Techniques for Hiding and Protection | | |
|---|---|---|
| Disables application error messages (SetErrorMode) | | |
| Source: C:\Users\user\Desktop\Xtaqxu6frQ.exe | Process information set: | |
| Source: C:\Users\user\Desktop\Xtaqxu6frQ.exe | Process information set: | |
| Source: C:\Users\user\Desktop\Xtaqxu6frQ.exe | Process information set: | |
| Source: C:\Users\user\Desktop\Xtaqxu6frQ.exe | Process information set: | |
| Source: C:\Users\user\Desktop\Xtaqxu6frQ.exe | Process information set: | |
| Source: C:\Users\user\Desktop\Xtaqxu6frQ.exe | Process information set: | |
| Source: C:\Users\user\Desktop\Xtaqxu6frQ.exe | Process information set: | |
| Source: C:\Users\user\Desktop\Xtaqxu6frQ.exe | Process information set: | |
| Source: C:\Users\user\Desktop\Xtaqxu6frQ.exe | Process information set: | |
| Source: C:\Users\user\Desktop\Xtaqxu6frQ.exe | Process information set: | |
| Source: C:\Users\user\Desktop\Xtaqxu6frQ.exe | Process information set: | |
| Source: C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe | Process information set: | |
| Source: C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe | Process information set: | |
| Source: C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe | Process information set: | |
| Source: C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe | Process information set: | |
| Source: C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe | Process information set: | |
| Source: C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe | Process information set: | |
| Source: C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe | Process information set: | |
| Source: C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe | Process information set: | |
| Source: C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe | Process information set: | |
| Source: C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe | Process information set: | |
| Source: C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe | Process information set: | |
| Source: C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe | Process information set: | |
| Source: C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe | Process information set: | |
| Source: C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe | Process information set: | |
| Source: C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe | Process information set: | |
| Source: C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe | Process information set: | |
| Source: C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe | Process information set: | |
| Source: C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe | Process information set: | |
| Source: C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe | Process information set: | |
| Source: C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe | Process information set: | |
| Source: C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe | Process information set: | |
| Source: C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe | Process information set: | |
| Source: C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe | Process information set: | |
| Source: C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe | Process information set: | |
| Source: C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe | Process information set: | |
| Source: C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe | Process information set: | |
| Source: C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe | Process information set: | |
| Source: C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe | Process information set: | |
| Source: C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe | Process information set: | |
| Source: C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe | Process information set: | |
| Source: C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe | Process information set: | |
| Source: C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe | Process information set: | |
| Source: C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe | Process information set: | |
| Source: C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe | Process information set: | |
| Source: C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe | Process information set: | |
| Source: C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe | Process information set: | |
| Source: C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe | Process information set: | |
| Source: C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe | Process information set: | |
| Source: C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe | Process information set: | |
| Source: C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe | Process information set: | |
| Source: C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe | Process information set: | |
| Source: C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe | Process information set: | |
| Source: C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe | Process information set: | |
| Source: C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe | Process information set: | |
| Source: C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe | Process information set: | |
| Source: C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe | Process information set: | |
| Source: C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe | Process information set: | |
| Source: C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe | Process information set: | |
| Source: C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe | Process information set: | |
| Source: C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe | Process information set: | |
| Source: C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe | Process information set: | |
| Source: C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe | Process information set: | |
| Source: C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe | Process information set: | |
| Source: C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe | Process information set: | |
| Source: C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe | Process information set: | |
| Source: C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe | Process information set: | |
| Source: C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe | Process information set: | |
| Source: C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe | Process information set: | |
| Source: C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe | Process information set: | |
Source: C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe | Process information set: | ||
Source: C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe | Process information set: | ||
Source: C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe | Process information set: | ||
Source: C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe | Process information set: | ||
Source: C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe | Process information set: | ||
Source: C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe | Process information set: | ||
Source: C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe | Process information set: | ||
Source: C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe | Process information set: | ||
Source: C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe | Process information set: | ||
Source: C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe | Process information set: | ||
Source: C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe | Process information set: | ||
Source: C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe | Process information set: | ||
Source: C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe | Process information set: | ||
Source: C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe | Process information set: | ||
Source: C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe | Process information set: | ||
Source: C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe | Process information set: | ||
Source: C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe | Process information set: | ||
Source: C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe | Process information set: | ||
Source: C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe | Process information set: | ||
Source: C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe | Process information set: | ||
Source: C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe | Process information set: | ||
Source: C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe | Process information set: | ||
Source: C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe | Process information set: | ||
Source: C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe | Process information set: | ||
Source: C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe | Process information set: | ||
Source: C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe | Process information set: | ||
Source: C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe | Process information set: | ||
Source: C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe | Process information set: | ||
Source: C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe | Process information set: | ||
Source: C:\Users\user\Desktop\fero.exe | Process information set: (30 identical rows) | ||
Source: C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe | Process information set: (5 identical rows) | ||
Source: C:\Users\user\AppData\Local\Temp\chrome64x.exe | Process information set: (37 identical rows) | ||
Source: C:\Windows\System32\netsh.exe | Process information set: (2 identical rows) | ||
Source: C:\Windows\explorer.exe | Process information set: (10 identical rows) | ||
Source: C:\Users\user\AppData\Local\Temp\chrome64x.exe | Process information set: (40 identical rows) |
Lowering of HIPS / PFW / Operating System Security Settings: |
---|
Modifies the Internet Explorer feature controls | Show sources |
Source: C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe | Registry value created: |
Disables zone checking for all users | Show sources |
Source: C:\Users\user\AppData\Local\Temp\chrome64x.exe | Registry value created: |
Modifies the Windows firewall | Show sources |
Source: unknown | Process created: |
Uses netsh to modify the Windows network and firewall settings | Show sources |
Source: unknown | Process created: |
Language, Device and Operating System Detection: |
---|
Contains functionality to query local / system time | Show sources |
Source: C:\Users\user\Desktop\Xtaqxu6frQ.exe | Code function: | 1_2_0139085C |
Contains functionality to query the Windows version | Show sources |
Source: C:\Users\user\Desktop\Xtaqxu6frQ.exe | Code function: | 1_2_0138299B |
Queries the cryptographic machine GUID | Show sources |
Source: C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe | Key value queried: |
Contains functionality to query locale information (e.g. system language) | Show sources |
Source: C:\Users\user\Desktop\Xtaqxu6frQ.exe | Code function: | 1_2_0138DB87 |
Contains functionality to query CPU information (cpuid) | Show sources |
Source: C:\Users\user\Desktop\Xtaqxu6frQ.exe | Code function: | 1_2_01385C5C |
Queries the volume information (name, serial number, etc.) of a device | Show sources |
Source: C:\Users\user\Desktop\fero.exe | Queries volume information: | ||
Source: C:\Users\user\AppData\Local\Temp\chrome64x.exe | Queries volume information: (17 identical rows) |
Behavior Graph |
---|
Simulations |
---|
Behavior and APIs |
---|
Time | Type | Description |
---|---|---|
16:19:25 | API Interceptor | 912x Sleep call for process: AcroRd32.exe modified from: 60000ms to: 5000ms |
16:19:41 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run f39b6b3505175465947b62295a9a0ae2 "C:\Users\user\AppData\Local\Temp\chrome64x.exe" .. |
16:19:42 | API Interceptor | 1x Sleep call for process: netsh.exe modified from: 60000ms to: 5000ms |
16:19:42 | API Interceptor | 14x Sleep call for process: explorer.exe modified from: 60000ms to: 5000ms |
16:19:42 | Autostart | Run: HKLM\Software\Microsoft\Windows\CurrentVersion\Run f39b6b3505175465947b62295a9a0ae2 "C:\Users\user\AppData\Local\Temp\chrome64x.exe" .. |
16:19:42 | Autostart | Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\f39b6b3505175465947b62295a9a0ae2.exe |
16:19:46 | API Interceptor | 8x Sleep call for process: chrome64x.exe modified from: 60000ms to: 5000ms |
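The three Autostart rows above record the same 32-hex-character identifier, f39b6b3505175465947b62295a9a0ae2, planted in three places at once: the HKCU Run key, the HKLM Run key and the user's Startup folder, the first two pointing at a "chrome"-named executable dropped in %TEMP%. The following Python triage is an added example and not code from the Joe Sandbox report: it parses those three rows (copied from the table as constructed input) and flags the traits an analyst would pull out of them. The flag names, the user-writable-path markers and the "masquerades as Chrome" heuristic are my own assumptions, not anything the sandbox itself applies.

```python
"""Triage the 'Autostart' rows of a sandbox behaviour log.

Added example, not part of the Joe Sandbox report. Parses the Autostart rows
as they appear in the report's 'Behavior and APIs' table and flags the
persistence traits an analyst looks for: hex-digest-shaped names, targets in
user-writable directories, and browser-like names outside Program Files.
"""
import re
from dataclasses import dataclass

# Constructed input: the three Autostart rows copied from the report table.
REPORT_ROWS = r"""16:19:41 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run f39b6b3505175465947b62295a9a0ae2 "C:\Users\user\AppData\Local\Temp\chrome64x.exe" ..
16:19:42 | Autostart | Run: HKLM\Software\Microsoft\Windows\CurrentVersion\Run f39b6b3505175465947b62295a9a0ae2 "C:\Users\user\AppData\Local\Temp\chrome64x.exe" ..
16:19:42 | Autostart | Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\f39b6b3505175465947b62295a9a0ae2.exe
"""

HEX32 = re.compile(r"^[0-9a-f]{32}$", re.I)

# "Run: <HKCU|HKLM ...\Run> <value name> "<target exe>"  (trailing '..' is ignored)
RUN_KEY = re.compile(
    r"^(?P<time>\d\d:\d\d:\d\d) \| Autostart \| Run: "
    r"(?P<key>HK(?:CU|LM)\\[^ ]*\\Run) (?P<name>\S+) \"(?P<target>[^\"]+)\""
)
# "Run: <drive>:\...\Startup\<file>"  (a copy placed in the per-user Startup folder)
STARTUP_DIR = re.compile(
    r"^(?P<time>\d\d:\d\d:\d\d) \| Autostart \| Run: "
    r"(?P<target>[A-Za-z]:\\.*\\Startup\\(?P<name>[^\\]+?))\s*$"
)

# Assumption: directories a standard user can write to without elevation.
USER_WRITABLE = ("\\appdata\\local\\temp\\", "\\appdata\\roaming\\", "\\users\\public\\")


@dataclass
class Finding:
    time: str
    kind: str        # "run_key" or "startup_folder"
    location: str    # registry key, or the Startup directory
    name: str        # value name / file name as written by the sample
    target: str      # executable that will run at logon
    flags: tuple = ()

    @property
    def identifier(self) -> str:
        # Strip an extension so the Run value and the Startup-folder copy compare equal.
        return re.sub(r"\.[^.]+$", "", self.name).lower()


def _flags(name: str, target: str) -> tuple:
    flags = []
    stem = re.sub(r"\.[^.]+$", "", name)
    if HEX32.match(stem):
        flags.append("hex_name")                # 32 hex chars: the shape of an MD5 digest
    low = target.lower()
    if any(marker in low for marker in USER_WRITABLE):
        flags.append("user_writable_location")  # runs from %TEMP% / %APPDATA%, not Program Files
    base = low.rsplit("\\", 1)[-1]
    if base.startswith("chrome") and "\\program files" not in low:
        flags.append("masquerades_as_chrome")   # browser-like name outside the browser's install dir
    return tuple(flags)


def triage(rows: str) -> list:
    """Parse every Autostart row into a Finding; rows that match neither form are skipped."""
    findings = []
    for line in rows.splitlines():
        m = RUN_KEY.match(line)
        if m:
            findings.append(Finding(m["time"], "run_key", m["key"], m["name"], m["target"],
                                    _flags(m["name"], m["target"])))
            continue
        m = STARTUP_DIR.match(line)
        if m:
            directory = m["target"].rsplit("\\", 1)[0]
            findings.append(Finding(m["time"], "startup_folder", directory, m["name"], m["target"],
                                    _flags(m["name"], m["target"])))
    return findings


def group_by_identifier(findings: list) -> dict:
    """Map each persistence identifier to every location it was planted in."""
    groups = {}
    for f in findings:
        groups.setdefault(f.identifier, []).append(f.location)
    return groups


if __name__ == "__main__":
    found = triage(REPORT_ROWS)
    for f in found:
        print(f"{f.time} {f.kind:<14} {f.target}  flags={','.join(f.flags)}")
    for ident, places in group_by_identifier(found).items():
        print(f"{ident}: persisted in {len(places)} locations")
```

Grouping by identifier is the useful step: the same 32-hex name appearing in HKCU, HKLM and the Startup folder within one second says the sample tries every autostart location it can reach, so cleaning only the Run key leaves the Startup copy in place. The report does not say how the identifier is derived, so the script treats it only as a correlation key.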
Antivirus Detection |
---|
Yara Overview |
---|
Initial Sample |
---|
No yara matches |
---|
PCAP (Network Traffic) |
---|
No yara matches |
---|
Dropped Files |
---|
No yara matches |
---|
Memory Dumps |
---|
No yara matches |
---|
Unpacked PEs |
---|
No yara matches |
---|
Screenshot |
---|
Startup |
---|
|
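Each entry in the dropped-file table that follows carries the same fields: size, 8-bit entropy, an Encrypted verdict, and MD5/SHA1/SHA-256/SHA-512 digests. Several of those digests carry no information about the sample: D41D8CD98F00B204E9800998ECF8427E is the MD5 of a zero-byte file (listed seven times), and 098F6BCD4621D373CADE4E832627B4F6 with entropy 1.5 is the 4-byte string "test". The Python below is an added example, not code from the Joe Sandbox report: it reproduces those per-file fields for a file's bytes so the table can be re-checked or re-generated for files the sandbox did not keep, and it annotates entries an analyst should not waste time on. The 7.99 bits/byte cut-off for Encrypted is an assumption; it agrees with every row on the page (7.9942 true, 7.9875 false) but the sandbox's actual rule is not stated here.

```python
"""Reproduce the per-file fields of a sandbox 'Created / dropped Files' table.

Added example, not part of the Joe Sandbox report. Given a dropped file's bytes
it returns size, 8-bit Shannon entropy, the four digests and an 'encrypted'
verdict, then annotates digests that identify content rather than the sample.
"""
import hashlib
import math
from collections import Counter

# Assumption: the report's 'Encrypted' flag is modelled as an entropy cut-off.
# 7.99 bits/byte is consistent with the table (7.9942 -> true, 7.9875 -> false),
# but the sandbox's real rule is not published on the page.
ENCRYPTED_THRESHOLD = 7.99

# Digests that identify well-known content, not this sample.
TRIVIAL_MD5 = {
    "D41D8CD98F00B204E9800998ECF8427E": "zero-byte file",
    "098F6BCD4621D373CADE4E832627B4F6": 'four-byte string "test"',
}


def shannon_entropy(data: bytes) -> float:
    """Entropy in bits per byte over the 256 possible byte values (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    ent = -sum((c / n) * math.log2(c / n) for c in Counter(data).values())
    return 0.0 if ent == 0 else ent


def profile(data: bytes) -> dict:
    """The same fields the report prints for one dropped file, digests upper-cased as in the table."""
    ent = shannon_entropy(data)
    return {
        "size": len(data),
        "entropy": ent,
        "encrypted": ent >= ENCRYPTED_THRESHOLD,
        "md5": hashlib.md5(data).hexdigest().upper(),
        "sha1": hashlib.sha1(data).hexdigest().upper(),
        "sha256": hashlib.sha256(data).hexdigest().upper(),
        "sha512": hashlib.sha512(data).hexdigest().upper(),
    }


def annotate(p: dict) -> list:
    """Analyst notes for one profile: skip placeholders, unpack high-entropy blobs, ignore padding."""
    notes = []
    if p["md5"] in TRIVIAL_MD5:
        notes.append("placeholder: " + TRIVIAL_MD5[p["md5"]])
    elif p["encrypted"]:
        notes.append("packed/encrypted payload: unpack before static analysis")
    elif p["size"] and p["entropy"] < 1.0:
        notes.append("near-constant bytes: likely padding or a log/marker file")
    return notes


def triage(files: dict) -> dict:
    """Profile and annotate a {name: bytes} mapping of dropped files."""
    return {name: (profile(data), annotate(profile(data))) for name, data in files.items()}


if __name__ == "__main__":
    # Constructed inputs: the two placeholder files from the report, plus a
    # synthetic uniform-byte blob standing in for a packed payload.
    samples = {
        "empty": b"",
        "test": b"test",
        "uniform.bin": bytes(range(256)) * 256,
        "zeros.bin": b"\x00" * 1024,
    }
    for name, (p, notes) in triage(samples).items():
        print(f"{name:12} size={p['size']:<6} entropy={p['entropy']:.4f} "
              f"encrypted={p['encrypted']} md5={p['md5']} {notes}")
```

Entropy alone does not prove encryption: compressed images and archives sit in the same 7.9 to 8.0 band, and the extraction has stripped the File Type field from every entry above, so a high-entropy hit still needs a file-type check before it is treated as a packed payload. Conversely, the 275456-byte file at 5.51 bits/byte and the 224772-byte file at 6.20 bits/byte are in the range of plain PE code and are the entries worth opening first.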
Created / dropped Files |
---|
File Type: | |
Size (bytes): | 275456 |
Entropy (8bit): | 5.51396000707157 |
Encrypted: | false |
MD5: | 9A1719B8B9124D1FB88F18919CFE24D0 |
SHA1: | B451E22D81FDAA01E0E5A7D9A7C22D5191B48866 |
SHA-256: | 5633CA8040D4B2FE5FFA6253A550E109E8D03409B980F34FCAFCBB9522ACF98A |
SHA-512: | 73DEBFC9496F82AA8044CAE4EB86B8D08A3842EA5787395D08EF4F61B10E2C92A4293C7E7EB73FAD0DD63CB4A19FC97017DE9731C211E5EFB2E71AF29017C7F9 |
Malicious: | false |
Reputation: | low |
File Type: | |
Size (bytes): | 299604 |
Entropy (8bit): | 4.925368924476077 |
Encrypted: | false |
MD5: | 3920A1F3127066E9383B63E8D2456A19 |
SHA1: | A334B68EEF4C72C5C44CCE3EA57D1F65DFB11923 |
SHA-256: | 3BF591C09A6B75EBA902F2110A1973082FBB8A98997065E3315E741547FBFAAD |
SHA-512: | D05EC9DCFFFB3FDADBB3971062AA6056FECCE4E41C1FAC439AA62306FC774294024C89B8D77D85C0C6DF1427FDD33E89A77C04148686636EE5A8773608A46EF4 |
Malicious: | false |
Reputation: | low |
File Type: | |
Size (bytes): | 19621 |
Entropy (8bit): | 3.4270619140689025 |
Encrypted: | false |
MD5: | 05B8C220CF8E3A0E3134C7BB3B046E68 |
SHA1: | 193DC539A3129685AB6F6D2453DB5C190A20121D |
SHA-256: | 7C6470568673A4720B73ECB8F583818E1C8ECFBD8A67D047AF4A7D195F7BCEA8 |
SHA-512: | 3B5CF094F3D4226A5B8828E89FE87B6079E150BC956F8364218552FEC94126F8B9949D1DAF99EF4B7CBAC5717E9C150F72C6C74403EBCDBF4D111DF61D7CB8A0 |
Malicious: | false |
Reputation: | low |
File Type: | |
Size (bytes): | 1746 |
Entropy (8bit): | 7.827504944554236 |
Encrypted: | false |
MD5: | E661E41C437F9ED6EFFFDF594F7C2F55 |
SHA1: | 985955D27FEEDFEC099B636EF6CDFEA06EE16C4F |
SHA-256: | D1EFE9940F6AA0DDCE0FB19E0CE1B2662E67CACE8F73E6EA7EB44986DC3885B5 |
SHA-512: | B33AADFF6BEC2D89C02C51245CFCE80CE735DE55029D512A62FDCF3735E4626DE9AB3FA5CDFEEBBAF312ED576ECC6FFEC4943A223196321EABDBD12C892657DB |
Malicious: | false |
Reputation: | low |
File Type: | |
Size (bytes): | 63139 |
Entropy (8bit): | 7.123438940701136 |
Encrypted: | false |
MD5: | 2937C71754BDDE5B1A374A8D14C675D6 |
SHA1: | C5C12C5D0C70D13C8113FC084C3F8CBAE47ED0C5 |
SHA-256: | 5AE4A147BF8D36FC0C8FC945616475810F1B87E5B8C101D6761A5FE54608F270 |
SHA-512: | C976D5CBEFEDF7953C2E61717ECC0204A6DEFE8F0C9A2011FDC34FB0497EF055891EFDCDF7FF1418668B614C3FB07EBECC950F60BCD6F56BB640B7B6F39F7AE4 |
Malicious: | false |
Reputation: | low |
File Type: | |
Size (bytes): | 1908 |
Entropy (8bit): | 7.872987835511097 |
Encrypted: | false |
MD5: | 38092712C28F7DF91EC87995CDC50BE5 |
SHA1: | CB295D6B2A79320009C9CAE5C2DA5D67336133E6 |
SHA-256: | 7478D978724C4725E17239DA8D19B083C27BF19F544665E89A06CE712EA83E27 |
SHA-512: | 2D5C14631C533EA6ABA8AD5FCC934911C9AD6D68B3847585F357D08DDAB89C0B5F120D04B8850FCEF186DEEEFD0F4B3A1123F0B3432385B2F3C1EDD495BE3496 |
Malicious: | false |
Reputation: | low |
File Type: | |
Size (bytes): | 2641 |
Entropy (8bit): | 7.64181179619636 |
Encrypted: | false |
MD5: | 16313DAF29CD9D2BE2D74D91E727FB8D |
SHA1: | 3BB694D55613D50D18F9BB2B051FB902B094EC0F |
SHA-256: | 8F00732937D6847368EAE869A8FCD09CAC584EA2D09EFEE4A0754C9F3D773658 |
SHA-512: | 627D9A0383C467129A4E09F24F2645C0457C66AC39E66624BF46B886879D8525F241D37786DD7A991F8F229FAFFAAE49504C7C4701C2E0CF286138DFEF2DD694 |
Malicious: | false |
Reputation: | low |
File Type: | |
Size (bytes): | 471 |
Entropy (8bit): | 7.104017636678511 |
Encrypted: | false |
MD5: | F32F2F56CD1D98BC5327F7FEEAF86DCF |
SHA1: | 5E0BB93E96A7E8D7648FB2B497172D6E7DA53DA6 |
SHA-256: | 14FAF58DD15BE2665242281A4966A3A43BE68550995A29F077EAC87FB3C82BA9 |
SHA-512: | 74A2C4FFB196A174AEB8C50D381DF78B9453C1975947DB59A2A9C531856404B1DF29FFC7FE8E9F31AD931078116A256DA5DA46D321CBA8CB55DC558955601127 |
Malicious: | false |
Reputation: | low |
File Type: | |
Size (bytes): | 471 |
Entropy (8bit): | 7.086398505769453 |
Encrypted: | false |
MD5: | D7151D85397707C55D75FC6F33F717BD |
SHA1: | 2D464513A675AC0D665B97C5690AD624251C8E77 |
SHA-256: | 80A03EEF07ED123E13AD122F52A78EF08E3DCFF7E8568250AEF6F1FE0C98881E |
SHA-512: | A5F4E7751E901A838CB938AF08F7DBFFF81A0B3A1314D7A3C328FB3C661673F7041003F3C108E7248EEE8913336E713B722A214C77361E6A142E42A37CD78143 |
Malicious: | false |
Reputation: | low |
File Type: | |
Size (bytes): | 852 |
Entropy (8bit): | 3.843441068600754 |
Encrypted: | false |
MD5: | 0AEA02490DE61E9D56098252FB5D6306 |
SHA1: | E139B0C4674BAF7B81F8F53EEC10D7E55478C90B |
SHA-256: | 384871FDEAF723F01291F53C200CBEE9F6B553CC91466F87B178788CF1297A66 |
SHA-512: | 0411668309B1BE701393FD6A46D4207512EED4DAB75033C66ACAA9A609F126AA7102B538CFE8230DA8222499CDE79DCEB22B8D70D9B95ABBB2758191E66A127B |
Malicious: | false |
Reputation: | low |
File Type: | |
Size (bytes): | 340 |
Entropy (8bit): | 3.427831827909229 |
Encrypted: | false |
MD5: | F0CDC54A25866636FA11E1BDD9F698BE |
SHA1: | A512F6FBFFA83D7F9A093B82C354002A4BD41C28 |
SHA-256: | 57695B5F1AF0CCF2C3C700AF92E51B09B610D62EAE71877DFFF1D4E8F2C6B24E |
SHA-512: | 401D7116185F532ED02498A93AC7E41C1DE103A0A485B0B988FA3B526DD86DDE1F0594F235CF7AAF9894387AF11D83599CB8CEF694A94A7D6FB83AF0D87D7517 |
Malicious: | false |
Reputation: | low |
File Type: | |
Size (bytes): | 868 |
Entropy (8bit): | 3.8622861135762507 |
Encrypted: | false |
MD5: | B17359B832DA2CF564CFB0BC82E43D5B |
SHA1: | E7085032624682EB62F4812CA338A54F2CDEEFF3 |
SHA-256: | E8C6DB5E63F05C6F3C097250C948217D559C33A6FD36343A42AF2080BA30FC5F |
SHA-512: | EE81B6CAAA475CBB1B3F2BC99FC232E9191C3E9D134BBDE9F371FD00BD3E10BDFC0F4A8F783F7E5A840AE49C86D70E83190DFDC7B053FB9AEDE187FC39278ECA |
Malicious: | false |
Reputation: | low |
File Type: | |
Size (bytes): | 224772 |
Entropy (8bit): | 6.203353481462018 |
Encrypted: | false |
MD5: | 69617B0F2A64AEC605E9B1BEF6594884 |
SHA1: | 5370B9C22FC5CACF2991DD2E7643A806FB269AF3 |
SHA-256: | 91D95710DE5E1E7C8F805874334E914D89303924ACC719605236B7FD1539BDE4 |
SHA-512: | EC3628777E72DD5AF84F033BFD0F6D5933682AC7C3A27EE9C69F5EBC30F5E8E37877DD3B9F92B3BE9C0316A9AE16484412D6C9FFF7C7012F9DD296DF05E5129A |
Malicious: | false |
Reputation: | low |
File Type: | |
Size (bytes): | 81944 |
Entropy (8bit): | 7.9942387161812425 |
Encrypted: | true |
MD5: | 39C9B484F43D03A05D306BC7BCC16654 |
SHA1: | 1CB992EAFF6228116E55B858F2ED825B09F2F50B |
SHA-256: | FA5FDEBE80EC0CE7DC40738B4FD46A9E9B36ECA6A810C523EE6EF3FD40B4179E |
SHA-512: | 9E8F391A40F0A426EA4C60FB1959C83A4ED6E4218034FD4EFCC25D6D27FB8EE33C733BF87FDD7917CC10294E0D2A189B4A3D81F9B49E4C460DAFE294CABE4608 |
Malicious: | false |
Reputation: | low |
File Type: | |
Size (bytes): | 0 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
MD5: | D41D8CD98F00B204E9800998ECF8427E |
SHA1: | DA39A3EE5E6B4B0D3255BFEF95601890AFD80709 |
SHA-256: | E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855 |
SHA-512: | CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E |
Malicious: | false |
Reputation: | low |
File Type: | |
Size (bytes): | 47361 |
Entropy (8bit): | 7.987537477130805 |
Encrypted: | false |
MD5: | F7DE830CD7B8A9F944B5760216FD3C25 |
SHA1: | 1B2B250A7DBBB740DB6B84E287ED2B9B97C465A9 |
SHA-256: | 312E19D22980B5F62BD814B2381D9E5D41905A49417937E3BB0D9B2D96A8DCC9 |
SHA-512: | A5CE8AED5922005CE3E85CCC2C606730AB05ED059ED66C38F6D5A9617A139F735E9FE9D2ACF4161CB4622F6809D349365F54902559E2EC6717AE70D40F1EEC20 |
Malicious: | false |
Reputation: | low |
File Type: | |
Size (bytes): | 35731 |
Entropy (8bit): | 7.987485835859107 |
Encrypted: | false |
MD5: | 60FB8491AA4B141264152614C765D450 |
SHA1: | C33105A5D6BDA4F09BFCD774ADE9A62E77E131EE |
SHA-256: | 3184CA2A7EF723D242309F3770E6F60AC57E436EE3EB2B434112D0DF848E5C60 |
SHA-512: | 91C763EB5A58BB3874F007561577DE952DCE918C90828DA7CD8347782B33888E7AA42A3E68E2ED990B9F052A6D6C40C2F525DAA85EDA5E3935D8479445776D76 |
Malicious: | false |
Reputation: | low |
File Type: | |
Size (bytes): | 36990 |
Entropy (8bit): | 7.990124535027691 |
Encrypted: | true |
MD5: | 1F4E9AF6A1DE0EA9BC44D58008F192C1 |
SHA1: | 5F5BE604C785F3B46EFCDAE8DD923AED8F793BBB |
SHA-256: | 0E07CC568C6A9039584D1F267D6A2EB4CCE1C83E27B79B588BD6406E6EB4772B |
SHA-512: | C8712F9658A1FEFB3AFD536D9B05BD5FE67B795064A28C97D14C17B27280D4E9CA2F1301B7E2A96DBB914F2F19D3B3642AEA994A07AC0BBB22CE3BF05BAB7B4C |
Malicious: | false |
Reputation: | low |
File Type: | |
Size (bytes): | 0 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
MD5: | D41D8CD98F00B204E9800998ECF8427E |
SHA1: | DA39A3EE5E6B4B0D3255BFEF95601890AFD80709 |
SHA-256: | E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855 |
SHA-512: | CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E |
Malicious: | false |
Reputation: | low |
File Type: | |
Size (bytes): | 0 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
MD5: | D41D8CD98F00B204E9800998ECF8427E |
SHA1: | DA39A3EE5E6B4B0D3255BFEF95601890AFD80709 |
SHA-256: | E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855 |
SHA-512: | CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E |
Malicious: | false |
Reputation: | low |
File Type: | |
Size (bytes): | 38445 |
Entropy (8bit): | 7.987468362752603 |
Encrypted: | false |
MD5: | C2BE4C74C4D98EAC6140ACB383F77D0B |
SHA1: | A54E90B58DD2463D913142D4D7EC1D038F249C55 |
SHA-256: | D1E10EBE9F745F12C7B29F0A7CA27C576C0BA1E37FDCC19563E822C6692A1D68 |
SHA-512: | A0C3279557019D5F204EA2B77913BB6C2B57ABF667BEEEB9C4F1F42C146653B695BD61699E7B03B2084FE990181C982B6B090ADF37CCBA11218D016F8EB799CA |
Malicious: | false |
Reputation: | low |
File Type: | |
Size (bytes): | 0 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
MD5: | D41D8CD98F00B204E9800998ECF8427E |
SHA1: | DA39A3EE5E6B4B0D3255BFEF95601890AFD80709 |
SHA-256: | E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855 |
SHA-512: | CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E |
Malicious: | false |
Reputation: | low |
File Type: | |
Size (bytes): | 41629 |
Entropy (8bit): | 7.990480697592721 |
Encrypted: | true |
MD5: | 2270AA3192DA68562FDB1E4C468B13DF |
SHA1: | 0EFDAAE1163AF1AC0C61C6E5F92714CDBB03E41A |
SHA-256: | 5C74FEC27DEC1D0FE65987B22D85BA7953E118B34ED48AD59A8000E4D3D4F975 |
SHA-512: | 4A9B0559901AB7362B7780542CDAAD4063432D6B598243C40BF6574076B7AA41C8F4B014CC852FEE16EC443FA86493F1844F8D8CBA7F6B9410870824BDF21C85 |
Malicious: | false |
Reputation: | low |
File Type: | |
Size (bytes): | 0 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
MD5: | D41D8CD98F00B204E9800998ECF8427E |
SHA1: | DA39A3EE5E6B4B0D3255BFEF95601890AFD80709 |
SHA-256: | E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855 |
SHA-512: | CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E |
Malicious: | false |
Reputation: | low |
File Type: | |
Size (bytes): | 0 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
MD5: | D41D8CD98F00B204E9800998ECF8427E |
SHA1: | DA39A3EE5E6B4B0D3255BFEF95601890AFD80709 |
SHA-256: | E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855 |
SHA-512: | CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E |
Malicious: | false |
Reputation: | low |
File Type: | |
Size (bytes): | 0 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
MD5: | D41D8CD98F00B204E9800998ECF8427E |
SHA1: | DA39A3EE5E6B4B0D3255BFEF95601890AFD80709 |
SHA-256: | E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855 |
SHA-512: | CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E |
Malicious: | false |
Reputation: | low |
File Type: | |
Size (bytes): | 4 |
Entropy (8bit): | 1.5 |
Encrypted: | false |
MD5: | 098F6BCD4621D373CADE4E832627B4F6 |
SHA1: | A94A8FE5CCB19BA61C4C0873D391E987982FBBD3 |
SHA-256: | 9F86D081884C7D659A2FEAA0C55AD015A3BF4F1B2B0B822CD15D6C15B0F00A08 |
SHA-512: | EE26B0DD4AF7E749AA1A8EE3C10AE9923F618980772E473F8819A5D4940E0DB27AC185F8A0E1D5F84F88BC887FD67B143732C304CC5FA9AD8E6F57F50028A8FF |
Malicious: | false |
Reputation: | low |
File Type: | |
Size (bytes): | 41984 |
Entropy (8bit): | 7.677570317945835 |
Encrypted: | false |
MD5: | 7B21E7A626736B1BE83D83C89354CD9F |
SHA1: | 69037A6B6C23C74E20CAAF50DC4E5987156D1619 |
SHA-256: | 4E7C4DFFC84629519C0EF3435BF7698321F1AA5FF594E0D1DA54BC82A5FBB998 |
SHA-512: | D3087ED5255664961F5A7E3556785929563A33960AD926527C47D0DCC08A5C29E51483AFE530C2DA4E414527CFE3259EE329798F569AA7850082F6F2EBF5D785 |
Malicious: | true |
Reputation: | low |
File Type: | |
Size (bytes): | 225 |
Entropy (8bit): | 6.800773762476679 |
Encrypted: | false |
MD5: | C50204EA0A9AE54DC1572E64B64D49AE |
SHA1: | 01E7C4A7B0ACFEC15F74614439B5B239567554C1 |
SHA-256: | 71843425B15C332547C3FF043C24306CBCFF5685A3791E5E87C1045EB588E2C3 |
SHA-512: | 859A49415C6F78250524FB3B6AF29B23FA8CE381FFC1813EC009A2CC8B63209F4EBC4B635508C24A4CBF26B4C7DC3145253611485E3D06F661A2158A4A5055F7 |
Malicious: | false |
Reputation: | low |
File Type: | |
Size (bytes): | 777 |
Entropy (8bit): | 7.7028827755503375 |
Encrypted: | false |
MD5: | F350609DFCCAF2EF2F627BB45838E863 |
SHA1: | F27E0F51C8FCCA661311842E038C66604F08D2EC |
SHA-256: | 4489E4FF131E274C6A66E914367F9901EB3AC5C2D90003854271C81E41BFDC24 |
SHA-512: | E1B05C8B4241D94FB19B893F1FF5B28DC5D177D9FFEA2E7A28985EC6AFADDAAAD21C466A03BA3E6F2C12F12E9458459130B24C6A998B63B207838580441016C7 |
Malicious: | false |
Reputation: | low |
File Type: | |
Size (bytes): | 264 |
Entropy (8bit): | 6.516581040114005 |
Encrypted: | false |
MD5: | C87A81662485180B2EC0E6CF84A4FF66 |
SHA1: | 86CD8581906348BFD3AA94015CB74F1C55699473 |
SHA-256: | 737E75BE02753C1EEB6DDC149B6EB695436312241B45192C19F0DE310A12A780 |
SHA-512: | 9F7A8FA86429AF1DD9B2206460BE15B8B6B91261D99A62B088D9E087AA8EA0F87A0EE412CE5CBBBD78159BEDB6BA068EE43F7C66EAD7CEF92E619E18C719A55A |
Malicious: | false |
Reputation: | low |
File Type: | |
Size (bytes): | 5773 |
Entropy (8bit): | 6.775809869730049 |
Encrypted: | false |
MD5: | 77D6FC57F2159C52F41DBC91C235867F |
SHA1: | 6D6570D8E2EF8545C887EC7572F0B94D4E06F11B |
SHA-256: | 92FBC1F3C1E15428BBEB6ADA8F07C7B2F44E0F7C3FBD03E25099B096432D3604 |
SHA-512: | 97EA6C6ADCEA97AAAEE67CBAD1BFCB023609704716458974F1CB2126D8E67D50CAA5ADD2E7D406E04F3B4BA6C03213BF94A150AA528E2F53702F4139C2452329 |
Malicious: | false |
Reputation: | low |
File Type: | |
Size (bytes): | 221704 |
Entropy (8bit): | 6.503235457578163 |
Encrypted: | false |
MD5: | A48B0BFB6EEA74F88AE46BF4325EFFFD |
SHA1: | 955775D63CFC6EADECF91740BFCFF28D5A6DB7DB |
SHA-256: | C10CEE53C64B91E98D94C2BD1B05EDC939D8C4703193469595A0355B41435720 |
SHA-512: | FC26A032F75A6EBD674DEF30F729BF84DC308C33634F7A3553406F173C124195F0BF5E5FEB668FA240FE37998547BC8FAB8684B0D8273AEDF750A1E1A4136A89 |
Malicious: | false |
Reputation: | low |
File Type: | |
Size (bytes): | 1561 |
Entropy (8bit): | 7.812599844558225 |
Encrypted: | false |
MD5: | CDF9B35164100642C42E5E7C5751F6DA |
SHA1: | 657E8316B880356CE1DF8BEBB8637F5F079651A3 |
SHA-256: | BD7F80CB74353F1737B21487DAA34E856470D93D2446BB1A12B62A1961996E4A |
SHA-512: | 47B6965B102C058403D6D2658821372646678125831BA343BEBBC10A396E13781C85F99375CFF802F337BF7212AD12B41F872C37F5E5EB56017E916FCC3F2215 |
Malicious: | false |
Reputation: | low |
File Type: | |
Size (bytes): | 4761 |
Entropy (8bit): | 7.9614786207275685 |
Encrypted: | false |
MD5: | 19BD6F4C058C115C386C7EDC9C54D9A9 |
SHA1: | 74324F2412EC759FB6ABED04E4DFB67B64583C52 |
SHA-256: | 67F86658E5DB276E246DD73BD707AD0C8A4277185D7143853680803B5F6D4412 |
SHA-512: | B02FE4D887288AA71149495B0F17A49F5EFD2856A2D8CE6B5B291029DA6338077FD3AFB0B0FA19236818608657779A9769C3A68EDBD232CCCDA2476F29606E0F |
Malicious: | false |
Reputation: | low |
File Type: | |
Size (bytes): | 264 |
Entropy (8bit): | 6.50504550391091 |
Encrypted: | false |
MD5: | 27B6556F8F35CB5C913CE76A734BAE4A |
SHA1: | E1426024F649D6407A0A8F33B2D1628E374438E2 |
SHA-256: | 35894F4FED8FC47803B3075F9211D62A4B324BE34C21BFD26C0DD3CAC057766A |
SHA-512: | 402C6812889E53285026BC238ACDBA29A6520CCFC957B5DE5799B5E6D18001F260AE80F1D3D85B9A149180EC47C23CA28A60DB6502A9536379CD8A220D69B5FC |
Malicious: | false |
Reputation: | low |
File Type: | |
Size (bytes): | 41984 |
Entropy (8bit): | 7.677570317945835 |
Encrypted: | false |
MD5: | 7B21E7A626736B1BE83D83C89354CD9F |
SHA1: | 69037A6B6C23C74E20CAAF50DC4E5987156D1619 |
SHA-256: | 4E7C4DFFC84629519C0EF3435BF7698321F1AA5FF594E0D1DA54BC82A5FBB998 |
SHA-512: | D3087ED5255664961F5A7E3556785929563A33960AD926527C47D0DCC08A5C29E51483AFE530C2DA4E414527CFE3259EE329798F569AA7850082F6F2EBF5D785 |
Malicious: | true |
Reputation: | low |
File Type: | |
Size (bytes): | 41984 |
Entropy (8bit): | 7.677570317945835 |
Encrypted: | false |
MD5: | 7B21E7A626736B1BE83D83C89354CD9F |
SHA1: | 69037A6B6C23C74E20CAAF50DC4E5987156D1619 |
SHA-256: | 4E7C4DFFC84629519C0EF3435BF7698321F1AA5FF594E0D1DA54BC82A5FBB998 |
SHA-512: | D3087ED5255664961F5A7E3556785929563A33960AD926527C47D0DCC08A5C29E51483AFE530C2DA4E414527CFE3259EE329798F569AA7850082F6F2EBF5D785 |
Malicious: | true |
Reputation: | low |
File Type: | |
Size (bytes): | 1749248 |
Entropy (8bit): | 7.669446704421918 |
Encrypted: | false |
MD5: | 2DAA2388D09025790CCAFBF44A3DB342 |
SHA1: | BB51B60859DEFA152895FFF4AFAA8D7D3848C904 |
SHA-256: | 056B387D0CDBF26563CCBD1A3D93E9E159CBE5C31D4836E0A2C869D6B135F48B |
SHA-512: | B8A1F1A5AA5DCBC80ACBD9EFC8601042DE12CC84D68498117A2685E1F1F1D0F611AB47732394A3B6B1B5604538CDCCBBC79F8C63C47B4C02E589AFA391117AF5 |
Malicious: | false |
Reputation: | low |
File Type: | |
Size (bytes): | 1036 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
MD5: | 227FD460860A3AD1FD2B245793C07F95 |
SHA1: | 71D8DA21D4BB33F4CC32B70B174815E40EDA657E |
SHA-256: | 693195CF289838146418E1BD05FD1A482C36FF75A77874609D615247285D5B99 |
SHA-512: | CE035DBE02B8E15091F7FEE997A823DC4A0EF12C14E4F7D8441B9D3D9878BD17036DB61E24D4E67DB2A6E1F8B50168F6F03311B19713C688691CE4298B1DEB2C |
Malicious: | false |
Reputation: | low |
File Type: | |
Size (bytes): | 5180 |
Entropy (8bit): | 0.028344400812028762 |
Encrypted: | false |
MD5: | 92A7382B3E374CB648E385728F621C1C |
SHA1: | C7F57101AC231C5C150A05A384D22527E72BEF58 |
SHA-256: | 0655C270A76DB40F9232C210CE4BFDFB9A4E15F77170020C0DAA3E27D53EFB03 |
SHA-512: | F7BF1C57059F08D4A409EA14007CF0C754448566FC272292659E28B84A5E28055122B95BCD70873C449DAF16EB6FE2151DE4B8EDEF08B73BD3DE38439A2B3ED8 |
Malicious: | false |
Reputation: | low |
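The per-file fields in the listing above (size, the four digests, 8-bit entropy) are worth recomputing locally when a listing is checked against the artefacts in hand, and two of them already tell a triage story: several records carry the digests of the empty input (MD5 D41D8CD9..., SHA-256 E3B0C442...), and the 4-byte record carries the digests of the ASCII string "test". The script below is an added example, not part of the Joe Sandbox report; the "empty" and "high entropy" flags, the 7.0 threshold and the 1024-byte minimum are this editor's assumptions, and the inputs are constructed stand-ins chosen to reproduce values that appear in the table (the empty file, the 4-byte file, a 1036-byte run of zeros and a 41984-byte uniform buffer).

```python
import hashlib
import math
from collections import Counter

# Digest of the empty input. Several records above carry it: the dropped
# file existed but had no content when the sandbox collected it.
EMPTY_SHA256 = "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"


def shannon_entropy(data: bytes) -> float:
    """8-bit Shannon entropy in bits per byte: 0.0 for empty or single-valued
    data, 8.0 for a uniform byte distribution."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def describe(data: bytes, packed_threshold: float = 7.0, min_size: int = 1024) -> dict:
    """Reproduce the listing's per-file fields and add two triage flags.
    The threshold and the minimum size are assumptions for this example,
    not Joe Sandbox's own rules."""
    digests = {name: hashlib.new(name, data).hexdigest().upper()
               for name in ("md5", "sha1", "sha256", "sha512")}
    entropy = shannon_entropy(data)
    return {
        "size": len(data),
        "entropy": entropy,
        **digests,
        "empty": digests["sha256"].lower() == EMPTY_SHA256,
        # Tiny files reach high entropy by accident, so only flag sizeable ones.
        "high_entropy": len(data) >= min_size and entropy >= packed_threshold,
    }


def triage(files: dict) -> list:
    """Names of the files worth a closer look: non-empty and high-entropy."""
    flagged = []
    for name, data in files.items():
        info = describe(data)
        if info["high_entropy"] and not info["empty"]:
            flagged.append(name)
    return flagged


# Constructed stand-ins (not the dropped files themselves) chosen to reproduce
# sizes and values that appear in the listing above.
SAMPLES = {
    "empty":        b"",                      # MD5 D41D8CD9..., entropy 0.0
    "four_bytes":   b"test",                  # MD5 098F6BCD..., entropy 1.5
    "zero_run":     bytes(1036),              # size 1036, entropy 0.0
    "uniform_blob": bytes(range(256)) * 164,  # size 41984, entropy 8.0
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        info = describe(data)
        print(f"{name:13s} size={info['size']:6d} entropy={info['entropy']:.4f} "
              f"md5={info['md5']} empty={info['empty']} high={info['high_entropy']}")
    print("flagged:", triage(SAMPLES))
```

Entropy alone does not separate packed malware from legitimately compressed resources, which is why the flag is paired with a size floor and why the listing's own "Malicious" column should still be read alongside it.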
Contacted Domains/Contacted IPs |
---|
Contacted Domains |
---|
Name | IP | Active | Malicious | Antivirus Detection |
---|---|---|---|---|
fero2003.ddns.net | 91.109.180.3 | true | true | |
Contacted IPs |
---|
IP | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
91.109.180.3 | France | | 29075 | IELOIELOMainNetworkFR | true |
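The contacted host is reached through a dynamic-DNS name on TCP 1177, and the TCP Packets table further down shows the same shape over and over: a DNS reply from 8.8.8.8, then within milliseconds a new client port opening a short-lived connection to 91.109.180.3:1177, with a fresh lookup and a fresh connection roughly every five seconds. The script below is an added example, not Joe Sandbox code, that scores that reconnect pattern from rows in the table's format; the sample rows are a subset copied from the TCP Packets table, and the victim address, the two-second DNS window and the three-connection minimum are this example's assumptions.

```python
import re
import statistics
from datetime import datetime

# Constructed sample input: a subset of rows copied from the TCP Packets table.
SAMPLE_ROWS = """\
Jan 22, 2018 16:20:01.009901047 MEZ | 53 | 62396 | 8.8.8.8 | 192.168.1.16 |
Jan 22, 2018 16:20:01.022860050 MEZ | 49196 | 1177 | 192.168.1.16 | 91.109.180.3 |
Jan 22, 2018 16:20:03.098542929 MEZ | 1177 | 49196 | 91.109.180.3 | 192.168.1.16 |
Jan 22, 2018 16:20:05.104518890 MEZ | 49196 | 1177 | 192.168.1.16 | 91.109.180.3 |
Jan 22, 2018 16:20:05.116087914 MEZ | 63638 | 53 | 192.168.1.16 | 8.8.8.8 |
Jan 22, 2018 16:20:05.766006947 MEZ | 53 | 63638 | 8.8.8.8 | 192.168.1.16 |
Jan 22, 2018 16:20:05.776460886 MEZ | 49197 | 1177 | 192.168.1.16 | 91.109.180.3 |
Jan 22, 2018 16:20:16.865881920 MEZ | 53 | 59362 | 8.8.8.8 | 192.168.1.16 |
Jan 22, 2018 16:20:16.873778105 MEZ | 49198 | 1177 | 192.168.1.16 | 91.109.180.3 |
Jan 22, 2018 16:20:22.061058044 MEZ | 53 | 52261 | 8.8.8.8 | 192.168.1.16 |
Jan 22, 2018 16:20:22.063039064 MEZ | 49200 | 1177 | 192.168.1.16 | 91.109.180.3 |
Jan 22, 2018 16:20:29.026304960 MEZ | 53 | 61585 | 8.8.8.8 | 192.168.1.16 |
Jan 22, 2018 16:20:29.027339935 MEZ | 49201 | 1177 | 192.168.1.16 | 91.109.180.3 |
Jan 22, 2018 16:20:34.091754913 MEZ | 53 | 54137 | 8.8.8.8 | 192.168.1.16 |
Jan 22, 2018 16:20:34.092803955 MEZ | 49202 | 1177 | 192.168.1.16 | 91.109.180.3 |
"""

# One table row: timestamp with nanosecond fraction and zone, then the four
# pipe-separated address fields, optionally followed by a trailing pipe.
ROW_RE = re.compile(
    r"^(?P<ts>\w{3} \d{1,2}, \d{4} \d{2}:\d{2}:\d{2})\.(?P<frac>\d+) \w+ \| "
    r"(?P<sport>\d+) \| (?P<dport>\d+) \| (?P<src>[\d.]+) \| (?P<dst>[\d.]+)(?: \|)?$"
)
EPOCH = datetime(1970, 1, 1)


def parse_rows(text: str):
    """Yield (seconds, sport, dport, src, dst) per row, keeping the full fraction."""
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if not m:
            continue
        base = datetime.strptime(m["ts"], "%b %d, %Y %H:%M:%S")
        secs = (base - EPOCH).total_seconds() + int(m["frac"]) / 10 ** len(m["frac"])
        yield secs, int(m["sport"]), int(m["dport"]), m["src"], m["dst"]


def reconnect_summary(text: str, victim: str, dns_server: str = "8.8.8.8",
                      dns_window: float = 2.0, min_connections: int = 3) -> dict:
    """Group the victim's outbound non-DNS packets into connections (one per
    client port), then per server:port report how many connections there were,
    how many started within `dns_window` seconds of a DNS reply, and the median
    gap between connection starts. A server that is re-resolved and reconnected
    to repeatedly is marked suspect."""
    dns_replies = []
    flows = {}  # (dst, dport) -> {client port -> first packet time}
    for secs, sport, dport, src, dst in parse_rows(text):
        if src == dns_server and sport == 53 and dst == victim:
            dns_replies.append(secs)
        elif src == victim and dport != 53:
            flows.setdefault((dst, dport), {}).setdefault(sport, secs)

    summary = {}
    for (dst, dport), ports in flows.items():
        starts = sorted(ports.values())
        gaps = [b - a for a, b in zip(starts, starts[1:])]
        preceded = sum(1 for s in starts
                       if any(0 <= s - r <= dns_window for r in dns_replies))
        summary[f"{dst}:{dport}"] = {
            "connections": len(starts),
            "dns_preceded": preceded,
            "median_gap_s": statistics.median(gaps) if gaps else None,
            "suspect": len(starts) >= min_connections and preceded == len(starts),
        }
    return summary


if __name__ == "__main__":
    for server, s in reconnect_summary(SAMPLE_ROWS, "192.168.1.16").items():
        print(server, s)
```

A DNS lookup immediately before every single connection is the tell here: a well-behaved client caches the answer, whereas a client that re-resolves a dynamic-DNS name on each retry is built to follow the operator when the address changes.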
Static File Info |
---|
General | |
---|---|
File type: | |
Entropy (8bit): | 7.930055152676681 |
TrID: | |
File name: | Xtaqxu6frQ.exe |
File size: | 1571773 |
MD5: | 8667949f8fd4ce4da0424af4208104e3 |
SHA1: | 13da85ad0e6aa4ba9b484d0daf743996e60d73e5 |
SHA256: | 2063aead8dce54294989992a9c0d1a88e22f0ef9aa06886e5f8e9eda2e0db94c |
SHA512: | 008c2a54c776296b04f781f577752376e1484ae98facdd5a50adba7ff02517d5185574b950eb871f579785ca41736eca4722fa7189dfbdfcdd8bcb0292d30330 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........[e..[e..[e....+.Ve....)..e....(.Ce..`;..Le..`;..He..`;..re..R.Y.Qe..R.I.Xe..[e...e...;..~e...;..Ze...;%.Ze...;..Ze..Rich[e. |
File Icon |
---|
Static PE Info |
---|
General | |
---|---|
Entrypoint: | 0x411cd9 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | 32BIT_MACHINE, EXECUTABLE_IMAGE |
DLL Characteristics: | TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT |
Time Stamp: | 0x598DB703 [Fri Aug 11 13:54:11 2017 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 5 |
OS Version Minor: | 1 |
File Version Major: | 5 |
File Version Minor: | 1 |
Subsystem Version Major: | 5 |
Subsystem Version Minor: | 1 |
Import Hash: | 49091c5c46d1ed156931ed11f43d3afa |
Entrypoint Preview |
---|
Instruction |
---|
call 0F0979ABh |
jmp 0F097353h |
cmp ecx, dword ptr [0042D0A8h] |
jne 0F0974C5h |
ret |
jmp 0F097B21h |
jmp 0F09BEACh |
push ebp |
mov ebp, esp |
and dword ptr [0045CE88h], 00000000h |
sub esp, 28h |
push ebx |
xor ebx, ebx |
inc ebx |
or dword ptr [0042D0ACh], ebx |
push 0000000Ah |
call 0F0A8E10h |
test eax, eax |
je 0F097633h |
and dword ptr [ebp-10h], 00000000h |
xor eax, eax |
or dword ptr [0042D0ACh], 02h |
xor ecx, ecx |
push esi |
push edi |
mov dword ptr [0045CE88h], ebx |
lea edi, dword ptr [ebp-28h] |
push ebx |
cpuid |
mov esi, ebx |
pop ebx |
mov dword ptr [edi], eax |
mov dword ptr [edi+04h], esi |
mov dword ptr [edi+08h], ecx |
mov dword ptr [edi+0Ch], edx |
mov eax, dword ptr [ebp-28h] |
mov ecx, dword ptr [ebp-1Ch] |
mov dword ptr [ebp-08h], eax |
xor ecx, 49656E69h |
mov eax, dword ptr [ebp-20h] |
xor eax, 6C65746Eh |
or ecx, eax |
mov eax, dword ptr [ebp-24h] |
push 00000001h |
xor eax, 756E6547h |
or ecx, eax |
pop eax |
push 00000000h |
pop ecx |
push ebx |
cpuid |
mov esi, ebx |
pop ebx |
mov dword ptr [edi], eax |
mov dword ptr [edi+04h], esi |
mov dword ptr [edi+08h], ecx |
mov dword ptr [edi+0Ch], edx |
jne 0F097505h |
mov eax, dword ptr [ebp-28h] |
and eax, 0FFF3FF0h |
cmp eax, 000106C0h |
je 0F0974E5h |
cmp eax, 00020660h |
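The entrypoint preview is a CPUID leaf 0 vendor check (three XOR immediates against the EBX/EDX/ECX outputs stored at [ebp-24h], [ebp-1Ch] and [ebp-20h]) followed by a leaf 1 signature compare masked with 0FFF3FF0h. Decoded, the immediates spell GenuineIntel and the two compared signatures are Intel family 6 models 1Ch and 26h (Atom); this is the Visual C++ runtime's startup CPU-feature probe, which runs before any author-written code, so a CPUID at the entry point is not by itself evidence of sandbox or VM detection. The decoder below is an added example, not part of the report; it takes the register-to-immediate mapping from the listing and the family/model field layout from the CPUID specification.

```python
import struct

# The three XOR immediates from the listing, keyed by the CPUID leaf-0 register
# they are compared against ([ebp-24h] = edi+4 = ebx, [ebp-1Ch] = edi+0Ch = edx,
# [ebp-20h] = edi+8 = ecx in the listing's stack frame).
VENDOR_XOR = {"ebx": 0x756E6547, "edx": 0x49656E69, "ecx": 0x6C65746E}

# 'and eax, 0FFF3FF0h' then two compares: the mask drops the stepping and the
# reserved bits of the leaf-1 signature before comparing.
SIGNATURE_MASK = 0x0FFF3FF0
CHECKED_SIGNATURES = (0x000106C0, 0x00020660)


def imm_to_ascii(value: int) -> str:
    """A 32-bit immediate XORed against a CPUID output register is four
    little-endian ASCII bytes of the vendor string."""
    return struct.pack("<I", value).decode("ascii")


def vendor_string(xor_constants: dict) -> str:
    """CPUID leaf 0 returns the vendor string in EBX, EDX, ECX, in that order."""
    return "".join(imm_to_ascii(xor_constants[r]) for r in ("ebx", "edx", "ecx"))


def decode_signature(eax: int) -> dict:
    """Split a CPUID leaf-1 EAX value into display family/model/stepping using
    the extended-family/extended-model rules for Intel parts."""
    stepping = eax & 0xF
    model = (eax >> 4) & 0xF
    base_family = (eax >> 8) & 0xF
    ext_model = (eax >> 16) & 0xF
    ext_family = (eax >> 20) & 0xFF
    family = base_family + ext_family if base_family == 0xF else base_family
    if base_family in (6, 0xF):
        model |= ext_model << 4
    return {"family": family, "model": model, "stepping": stepping}


def matches_checked_models(eax: int) -> bool:
    """Reproduce the listing's test on a leaf-1 EAX value."""
    return (eax & SIGNATURE_MASK) in CHECKED_SIGNATURES


if __name__ == "__main__":
    print("vendor check:", vendor_string(VENDOR_XOR))
    for sig in CHECKED_SIGNATURES:
        d = decode_signature(sig)
        print(f"0x{sig:08X} -> family {d['family']:#x} model {d['model']:#x}")
    # Constructed value: same model with a non-zero stepping still matches.
    print("0x000106C2 matches:", matches_checked_models(0x000106C2))
```
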
Data Directories |
---|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x2c370 | 0x34 | .rdata |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x2c3a4 | 0x28 | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x5f000 | 0x5928 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x65000 | 0x2478 | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x2abc0 | 0x54 | .rdata |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x255e8 | 0x40 | .rdata |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x24000 | 0x1d8 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x2ba4c | 0x100 | .rdata |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Sections |
---|
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x22cf7 | 0x22e00 | False | 0.585909498208 | data | 6.67042517033 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
.rdata | 0x24000 | 0x8e34 | 0x9000 | False | 0.456488715278 | data | 5.09483813096 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0x2d000 | 0x30898 | 0xc00 | False | 0.223307291667 | DOS executable (device driver) | 2.68733859147 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.gfids | 0x5e000 | 0xf4 | 0x200 | False | 0.345703125 | data | 2.13092623588 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.rsrc | 0x5f000 | 0x5928 | 0x5a00 | False | 0.264453125 | data | 4.86163071041 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0x65000 | 0x2478 | 0x2600 | False | 0.771689967105 | data | 6.63273168643 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Resources |
---|
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
RT_BITMAP | 0x5f4ec | 0xbb6 | data | English | United States |
RT_ICON | 0x600a4 | 0x25a8 | data | | |
RT_DIALOG | 0x6264c | 0x286 | data | English | United States |
RT_DIALOG | 0x628d4 | 0x13a | data | English | United States |
RT_DIALOG | 0x62a10 | 0xec | data | English | United States |
RT_DIALOG | 0x62afc | 0x12e | data | English | United States |
RT_DIALOG | 0x62c2c | 0x338 | data | English | United States |
RT_DIALOG | 0x62f64 | 0x252 | data | English | United States |
RT_STRING | 0x631b8 | 0x1e2 | data | English | United States |
RT_STRING | 0x6339c | 0x1cc | data | English | United States |
RT_STRING | 0x63568 | 0x1ee | data | English | United States |
RT_STRING | 0x63758 | 0x146 | Hitachi SH big-endian COFF object, not stripped | English | United States |
RT_STRING | 0x638a0 | 0x446 | data | English | United States |
RT_STRING | 0x63ce8 | 0x166 | data | English | United States |
RT_STRING | 0x63e50 | 0x120 | data | English | United States |
RT_STRING | 0x63f70 | 0xba | data | English | United States |
RT_STRING | 0x6402c | 0xbc | data | English | United States |
RT_STRING | 0x640e8 | 0xd6 | data | English | United States |
RT_GROUP_ICON | 0x641c0 | 0x14 | MS Windows icon resource - 1 icon | | |
RT_MANIFEST | 0x641d4 | 0x753 | XML document text | English | United States |
Imports |
---|
DLL | Import |
---|---|
KERNEL32.dll | GetLastError, SetLastError, GetFileType, GetStdHandle, WriteFile, ReadFile, FlushFileBuffers, SetEndOfFile, SetFilePointer, SetFileTime, CloseHandle, CreateFileW, CreateDirectoryW, SetFileAttributesW, GetFileAttributesW, DeleteFileW, MoveFileW, FindClose, FindFirstFileW, FindNextFileW, GetVersionExW, GetCurrentDirectoryW, GetFullPathNameW, FoldStringW, GetModuleFileNameW, GetModuleHandleW, FindResourceW, FreeLibrary, GetProcAddress, GetCurrentProcessId, ExitProcess, Sleep, LoadLibraryW, GetSystemDirectoryW, CompareStringW, AllocConsole, FreeConsole, AttachConsole, WriteConsoleW, TzSpecificLocalTimeToSystemTime, SystemTimeToFileTime, FileTimeToLocalFileTime, LocalFileTimeToFileTime, FileTimeToSystemTime, GetCPInfo, IsDBCSLeadByte, MultiByteToWideChar, WideCharToMultiByte, GlobalAlloc, GetTickCount, SetCurrentDirectoryW, GetExitCodeProcess, WaitForSingleObject, GetLocalTime, MapViewOfFile, UnmapViewOfFile, CreateFileMappingW, OpenFileMappingW, GetCommandLineW, SetEnvironmentVariableW, ExpandEnvironmentStringsW, GetTempPathW, MoveFileExW, GetLocaleInfoW, GetTimeFormatW, GetDateFormatW, GetNumberFormatW, RaiseException, GetSystemInfo, VirtualProtect, VirtualQuery, LoadLibraryExA, IsProcessorFeaturePresent, IsDebuggerPresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetStartupInfoW, QueryPerformanceCounter, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, GetCurrentProcess, TerminateProcess, RtlUnwind, EncodePointer, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, LoadLibraryExW, QueryPerformanceFrequency, GetModuleHandleExW, GetModuleFileNameA, GetACP, HeapFree, HeapAlloc, HeapReAlloc, GetStringTypeW, LCMapStringW, FindFirstFileExA, FindNextFileA, IsValidCodePage, GetOEMCP, GetCommandLineA, GetEnvironmentStringsW, FreeEnvironmentStringsW, GetProcessHeap, SetStdHandle, HeapSize, GetConsoleCP, GetConsoleMode, SetFilePointerEx, DecodePointer |
Possible Origin |
---|
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States |
Network Behavior |
---|
Network Port Distribution |
---|
TCP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Jan 22, 2018 16:19:40.736596107 MEZ | 56975 | 53 | 192.168.1.16 | 8.8.8.8 |
Jan 22, 2018 16:19:41.733088970 MEZ | 56975 | 53 | 192.168.1.16 | 8.8.8.8 |
Jan 22, 2018 16:19:42.235349894 MEZ | 53 | 56975 | 8.8.8.8 | 192.168.1.16 |
Jan 22, 2018 16:19:42.392358065 MEZ | 53 | 56975 | 8.8.8.8 | 192.168.1.16 |
Jan 22, 2018 16:19:48.097928047 MEZ | 51208 | 53 | 192.168.1.16 | 8.8.8.8 |
Jan 22, 2018 16:19:48.591259956 MEZ | 53 | 51208 | 8.8.8.8 | 192.168.1.16 |
Jan 22, 2018 16:19:52.192821980 MEZ | 62228 | 53 | 192.168.1.16 | 8.8.8.8 |
Jan 22, 2018 16:19:53.200027943 MEZ | 62228 | 53 | 192.168.1.16 | 8.8.8.8 |
Jan 22, 2018 16:19:53.356199026 MEZ | 53 | 62228 | 8.8.8.8 | 192.168.1.16 |
Jan 22, 2018 16:19:53.421664953 MEZ | 58659 | 53 | 192.168.1.16 | 8.8.8.8 |
Jan 22, 2018 16:19:53.508177996 MEZ | 56917 | 53 | 192.168.1.16 | 8.8.8.8 |
Jan 22, 2018 16:19:53.593430996 MEZ | 53 | 62228 | 8.8.8.8 | 192.168.1.16 |
Jan 22, 2018 16:19:54.935075045 MEZ | 56917 | 53 | 192.168.1.16 | 8.8.8.8 |
Jan 22, 2018 16:19:54.935380936 MEZ | 58659 | 53 | 192.168.1.16 | 8.8.8.8 |
Jan 22, 2018 16:19:55.100990057 MEZ | 53 | 58659 | 8.8.8.8 | 192.168.1.16 |
Jan 22, 2018 16:19:55.101059914 MEZ | 53 | 56917 | 8.8.8.8 | 192.168.1.16 |
Jan 22, 2018 16:19:55.153678894 MEZ | 49194 | 1177 | 192.168.1.16 | 91.109.180.3 |
Jan 22, 2018 16:19:55.153728008 MEZ | 1177 | 49194 | 91.109.180.3 | 192.168.1.16 |
Jan 22, 2018 16:19:55.153814077 MEZ | 49194 | 1177 | 192.168.1.16 | 91.109.180.3 |
Jan 22, 2018 16:19:57.044390917 MEZ | 53 | 56917 | 8.8.8.8 | 192.168.1.16 |
Jan 22, 2018 16:19:57.292296886 MEZ | 53 | 58659 | 8.8.8.8 | 192.168.1.16 |
Jan 22, 2018 16:19:57.552268982 MEZ | 49194 | 1177 | 192.168.1.16 | 91.109.180.3 |
Jan 22, 2018 16:19:57.552329063 MEZ | 1177 | 49194 | 91.109.180.3 | 192.168.1.16 |
Jan 22, 2018 16:19:57.552670956 MEZ | 49194 | 1177 | 192.168.1.16 | 91.109.180.3 |
Jan 22, 2018 16:19:57.552690983 MEZ | 1177 | 49194 | 91.109.180.3 | 192.168.1.16 |
Jan 22, 2018 16:19:57.956212044 MEZ | 1177 | 49194 | 91.109.180.3 | 192.168.1.16 |
Jan 22, 2018 16:19:57.957652092 MEZ | 49194 | 1177 | 192.168.1.16 | 91.109.180.3 |
Jan 22, 2018 16:19:58.297826052 MEZ | 64970 | 53 | 192.168.1.16 | 8.8.8.8 |
Jan 22, 2018 16:19:59.285948992 MEZ | 64970 | 53 | 192.168.1.16 | 8.8.8.8 |
Jan 22, 2018 16:19:59.527620077 MEZ | 53 | 64970 | 8.8.8.8 | 192.168.1.16 |
Jan 22, 2018 16:19:59.574682951 MEZ | 54618 | 53 | 192.168.1.16 | 8.8.8.8 |
Jan 22, 2018 16:19:59.866643906 MEZ | 53 | 64970 | 8.8.8.8 | 192.168.1.16 |
Jan 22, 2018 16:19:59.941108942 MEZ | 49194 | 1177 | 192.168.1.16 | 91.109.180.3 |
Jan 22, 2018 16:19:59.941149950 MEZ | 1177 | 49194 | 91.109.180.3 | 192.168.1.16 |
Jan 22, 2018 16:20:00.068747044 MEZ | 62396 | 53 | 192.168.1.16 | 8.8.8.8 |
Jan 22, 2018 16:20:00.352015018 MEZ | 53 | 54618 | 8.8.8.8 | 192.168.1.16 |
Jan 22, 2018 16:20:01.009901047 MEZ | 53 | 62396 | 8.8.8.8 | 192.168.1.16 |
Jan 22, 2018 16:20:01.022860050 MEZ | 49196 | 1177 | 192.168.1.16 | 91.109.180.3 |
Jan 22, 2018 16:20:01.022910118 MEZ | 1177 | 49196 | 91.109.180.3 | 192.168.1.16 |
Jan 22, 2018 16:20:01.022962093 MEZ | 49196 | 1177 | 192.168.1.16 | 91.109.180.3 |
Jan 22, 2018 16:20:01.035300970 MEZ | 49196 | 1177 | 192.168.1.16 | 91.109.180.3 |
Jan 22, 2018 16:20:01.035337925 MEZ | 1177 | 49196 | 91.109.180.3 | 192.168.1.16 |
Jan 22, 2018 16:20:01.035650015 MEZ | 49196 | 1177 | 192.168.1.16 | 91.109.180.3 |
Jan 22, 2018 16:20:01.035675049 MEZ | 1177 | 49196 | 91.109.180.3 | 192.168.1.16 |
Jan 22, 2018 16:20:03.098542929 MEZ | 1177 | 49196 | 91.109.180.3 | 192.168.1.16 |
Jan 22, 2018 16:20:03.098664045 MEZ | 49196 | 1177 | 192.168.1.16 | 91.109.180.3 |
Jan 22, 2018 16:20:05.104518890 MEZ | 49196 | 1177 | 192.168.1.16 | 91.109.180.3 |
Jan 22, 2018 16:20:05.104561090 MEZ | 1177 | 49196 | 91.109.180.3 | 192.168.1.16 |
Jan 22, 2018 16:20:05.116087914 MEZ | 63638 | 53 | 192.168.1.16 | 8.8.8.8 |
Jan 22, 2018 16:20:05.766006947 MEZ | 53 | 63638 | 8.8.8.8 | 192.168.1.16 |
Jan 22, 2018 16:20:05.776460886 MEZ | 49197 | 1177 | 192.168.1.16 | 91.109.180.3 |
Jan 22, 2018 16:20:05.776499033 MEZ | 1177 | 49197 | 91.109.180.3 | 192.168.1.16 |
Jan 22, 2018 16:20:05.776561975 MEZ | 49197 | 1177 | 192.168.1.16 | 91.109.180.3 |
Jan 22, 2018 16:20:05.790960073 MEZ | 49197 | 1177 | 192.168.1.16 | 91.109.180.3 |
Jan 22, 2018 16:20:05.790985107 MEZ | 1177 | 49197 | 91.109.180.3 | 192.168.1.16 |
Jan 22, 2018 16:20:05.791270018 MEZ | 49197 | 1177 | 192.168.1.16 | 91.109.180.3 |
Jan 22, 2018 16:20:05.791289091 MEZ | 1177 | 49197 | 91.109.180.3 | 192.168.1.16 |
Jan 22, 2018 16:20:08.157905102 MEZ | 49197 | 1177 | 192.168.1.16 | 91.109.180.3 |
Jan 22, 2018 16:20:08.157943010 MEZ | 1177 | 49197 | 91.109.180.3 | 192.168.1.16 |
Jan 22, 2018 16:20:13.455286026 MEZ | 1177 | 49197 | 91.109.180.3 | 192.168.1.16 |
Jan 22, 2018 16:20:13.455434084 MEZ | 49197 | 1177 | 192.168.1.16 | 91.109.180.3 |
Jan 22, 2018 16:20:15.466957092 MEZ | 49197 | 1177 | 192.168.1.16 | 91.109.180.3 |
Jan 22, 2018 16:20:15.466990948 MEZ | 1177 | 49197 | 91.109.180.3 | 192.168.1.16 |
Jan 22, 2018 16:20:15.522732019 MEZ | 52877 | 53 | 192.168.1.16 | 8.8.8.8 |
Jan 22, 2018 16:20:15.628464937 MEZ | 59362 | 53 | 192.168.1.16 | 8.8.8.8 |
Jan 22, 2018 16:20:16.524866104 MEZ | 52877 | 53 | 192.168.1.16 | 8.8.8.8 |
Jan 22, 2018 16:20:16.624151945 MEZ | 59362 | 53 | 192.168.1.16 | 8.8.8.8 |
Jan 22, 2018 16:20:16.865808964 MEZ | 53 | 52877 | 8.8.8.8 | 192.168.1.16 |
Jan 22, 2018 16:20:16.865881920 MEZ | 53 | 59362 | 8.8.8.8 | 192.168.1.16 |
Jan 22, 2018 16:20:16.873778105 MEZ | 49198 | 1177 | 192.168.1.16 | 91.109.180.3 |
Jan 22, 2018 16:20:16.873814106 MEZ | 1177 | 49198 | 91.109.180.3 | 192.168.1.16 |
Jan 22, 2018 16:20:16.873867989 MEZ | 49198 | 1177 | 192.168.1.16 | 91.109.180.3 |
Jan 22, 2018 16:20:16.883934975 MEZ | 49198 | 1177 | 192.168.1.16 | 91.109.180.3 |
Jan 22, 2018 16:20:16.883956909 MEZ | 1177 | 49198 | 91.109.180.3 | 192.168.1.16 |
Jan 22, 2018 16:20:16.884201050 MEZ | 49198 | 1177 | 192.168.1.16 | 91.109.180.3 |
Jan 22, 2018 16:20:16.884216070 MEZ | 1177 | 49198 | 91.109.180.3 | 192.168.1.16 |
Jan 22, 2018 16:20:17.130065918 MEZ | 53 | 52877 | 8.8.8.8 | 192.168.1.16 |
Jan 22, 2018 16:20:17.209683895 MEZ | 53 | 59362 | 8.8.8.8 | 192.168.1.16 |
Jan 22, 2018 16:20:18.901149035 MEZ | 1177 | 49198 | 91.109.180.3 | 192.168.1.16 |
Jan 22, 2018 16:20:18.901325941 MEZ | 49198 | 1177 | 192.168.1.16 | 91.109.180.3 |
Jan 22, 2018 16:20:20.940049887 MEZ | 49198 | 1177 | 192.168.1.16 | 91.109.180.3 |
Jan 22, 2018 16:20:20.940104008 MEZ | 1177 | 49198 | 91.109.180.3 | 192.168.1.16 |
Jan 22, 2018 16:20:20.947556973 MEZ | 52261 | 53 | 192.168.1.16 | 8.8.8.8 |
Jan 22, 2018 16:20:21.935591936 MEZ | 52261 | 53 | 192.168.1.16 | 8.8.8.8 |
Jan 22, 2018 16:20:22.061058044 MEZ | 53 | 52261 | 8.8.8.8 | 192.168.1.16 |
Jan 22, 2018 16:20:22.063039064 MEZ | 49200 | 1177 | 192.168.1.16 | 91.109.180.3 |
Jan 22, 2018 16:20:22.063093901 MEZ | 1177 | 49200 | 91.109.180.3 | 192.168.1.16 |
Jan 22, 2018 16:20:22.063193083 MEZ | 49200 | 1177 | 192.168.1.16 | 91.109.180.3 |
Jan 22, 2018 16:20:22.079080105 MEZ | 49200 | 1177 | 192.168.1.16 | 91.109.180.3 |
Jan 22, 2018 16:20:22.079111099 MEZ | 1177 | 49200 | 91.109.180.3 | 192.168.1.16 |
Jan 22, 2018 16:20:22.079572916 MEZ | 49200 | 1177 | 192.168.1.16 | 91.109.180.3 |
Jan 22, 2018 16:20:22.079591036 MEZ | 1177 | 49200 | 91.109.180.3 | 192.168.1.16 |
Jan 22, 2018 16:20:23.805666924 MEZ | 53 | 52261 | 8.8.8.8 | 192.168.1.16 |
Jan 22, 2018 16:20:25.588722944 MEZ | 1177 | 49200 | 91.109.180.3 | 192.168.1.16 |
Jan 22, 2018 16:20:25.588898897 MEZ | 49200 | 1177 | 192.168.1.16 | 91.109.180.3 |
Jan 22, 2018 16:20:27.615957022 MEZ | 49200 | 1177 | 192.168.1.16 | 91.109.180.3 |
Jan 22, 2018 16:20:27.616020918 MEZ | 1177 | 49200 | 91.109.180.3 | 192.168.1.16 |
Jan 22, 2018 16:20:27.626931906 MEZ | 61585 | 53 | 192.168.1.16 | 8.8.8.8 |
Jan 22, 2018 16:20:28.623389006 MEZ | 61585 | 53 | 192.168.1.16 | 8.8.8.8 |
Jan 22, 2018 16:20:29.026304960 MEZ | 53 | 61585 | 8.8.8.8 | 192.168.1.16 |
Jan 22, 2018 16:20:29.027339935 MEZ | 49201 | 1177 | 192.168.1.16 | 91.109.180.3 |
Jan 22, 2018 16:20:29.027384043 MEZ | 1177 | 49201 | 91.109.180.3 | 192.168.1.16 |
Jan 22, 2018 16:20:29.027456045 MEZ | 49201 | 1177 | 192.168.1.16 | 91.109.180.3 |
Jan 22, 2018 16:20:29.042623997 MEZ | 49201 | 1177 | 192.168.1.16 | 91.109.180.3 |
Jan 22, 2018 16:20:29.042670012 MEZ | 1177 | 49201 | 91.109.180.3 | 192.168.1.16 |
Jan 22, 2018 16:20:29.042979956 MEZ | 49201 | 1177 | 192.168.1.16 | 91.109.180.3 |
Jan 22, 2018 16:20:29.042995930 MEZ | 1177 | 49201 | 91.109.180.3 | 192.168.1.16 |
Jan 22, 2018 16:20:29.339533091 MEZ | 53 | 61585 | 8.8.8.8 | 192.168.1.16 |
Jan 22, 2018 16:20:30.933046103 MEZ | 1177 | 49201 | 91.109.180.3 | 192.168.1.16 |
Jan 22, 2018 16:20:30.933147907 MEZ | 49201 | 1177 | 192.168.1.16 | 91.109.180.3 |
Jan 22, 2018 16:20:32.927908897 MEZ | 49201 | 1177 | 192.168.1.16 | 91.109.180.3 |
Jan 22, 2018 16:20:32.927942038 MEZ | 1177 | 49201 | 91.109.180.3 | 192.168.1.16 |
Jan 22, 2018 16:20:32.969949961 MEZ | 54137 | 53 | 192.168.1.16 | 8.8.8.8 |
Jan 22, 2018 16:20:33.968871117 MEZ | 54137 | 53 | 192.168.1.16 | 8.8.8.8 |
Jan 22, 2018 16:20:34.091754913 MEZ | 53 | 54137 | 8.8.8.8 | 192.168.1.16 |
Jan 22, 2018 16:20:34.092803955 MEZ | 49202 | 1177 | 192.168.1.16 | 91.109.180.3 |
Jan 22, 2018 16:20:34.092876911 MEZ | 1177 | 49202 | 91.109.180.3 | 192.168.1.16 |
Jan 22, 2018 16:20:34.092951059 MEZ | 49202 | 1177 | 192.168.1.16 | 91.109.180.3 |
Jan 22, 2018 16:20:34.100388050 MEZ | 49202 | 1177 | 192.168.1.16 | 91.109.180.3 |
Jan 22, 2018 16:20:34.100409031 MEZ | 1177 | 49202 | 91.109.180.3 | 192.168.1.16 |
Jan 22, 2018 16:20:34.100668907 MEZ | 49202 | 1177 | 192.168.1.16 | 91.109.180.3 |
Jan 22, 2018 16:20:34.100682020 MEZ | 1177 | 49202 | 91.109.180.3 | 192.168.1.16 |
Jan 22, 2018 16:20:34.426896095 MEZ | 53 | 54137 | 8.8.8.8 | 192.168.1.16 |
Jan 22, 2018 16:20:35.800520897 MEZ | 1177 | 49202 | 91.109.180.3 | 192.168.1.16 |
Jan 22, 2018 16:20:35.800638914 MEZ | 49202 | 1177 | 192.168.1.16 | 91.109.180.3 |
Jan 22, 2018 16:20:37.795139074 MEZ | 49202 | 1177 | 192.168.1.16 | 91.109.180.3 |
Jan 22, 2018 16:20:37.795211077 MEZ | 1177 | 49202 | 91.109.180.3 | 192.168.1.16 |
Jan 22, 2018 16:20:37.809236050 MEZ | 52165 | 53 | 192.168.1.16 | 8.8.8.8 |
Jan 22, 2018 16:20:38.533780098 MEZ | 53 | 52165 | 8.8.8.8 | 192.168.1.16 |
Jan 22, 2018 16:20:38.534847975 MEZ | 49203 | 1177 | 192.168.1.16 | 91.109.180.3 |
Jan 22, 2018 16:20:38.534881115 MEZ | 1177 | 49203 | 91.109.180.3 | 192.168.1.16 |
Jan 22, 2018 16:20:38.534934998 MEZ | 49203 | 1177 | 192.168.1.16 | 91.109.180.3 |
Jan 22, 2018 16:20:38.547389030 MEZ | 49203 | 1177 | 192.168.1.16 | 91.109.180.3 |
Jan 22, 2018 16:20:38.547415972 MEZ | 1177 | 49203 | 91.109.180.3 | 192.168.1.16 |
Jan 22, 2018 16:20:38.547684908 MEZ | 49203 | 1177 | 192.168.1.16 | 91.109.180.3 |
Jan 22, 2018 16:20:38.547699928 MEZ | 1177 | 49203 | 91.109.180.3 | 192.168.1.16 |
Jan 22, 2018 16:20:39.742755890 MEZ | 1177 | 49203 | 91.109.180.3 | 192.168.1.16 |
Jan 22, 2018 16:20:39.742889881 MEZ | 49203 | 1177 | 192.168.1.16 | 91.109.180.3 |
Jan 22, 2018 16:20:41.744568110 MEZ | 49203 | 1177 | 192.168.1.16 | 91.109.180.3 |
Jan 22, 2018 16:20:41.744641066 MEZ | 1177 | 49203 | 91.109.180.3 | 192.168.1.16 |
Jan 22, 2018 16:20:41.757275105 MEZ | 63099 | 53 | 192.168.1.16 | 8.8.8.8 |
Jan 22, 2018 16:20:42.528963089 MEZ | 53 | 63099 | 8.8.8.8 | 192.168.1.16 |
Jan 22, 2018 16:20:42.531335115 MEZ | 49205 | 1177 | 192.168.1.16 | 91.109.180.3 |
Jan 22, 2018 16:20:42.531399965 MEZ | 1177 | 49205 | 91.109.180.3 | 192.168.1.16 |
Jan 22, 2018 16:20:42.531507969 MEZ | 49205 | 1177 | 192.168.1.16 | 91.109.180.3 |
Jan 22, 2018 16:20:42.546741962 MEZ | 49205 | 1177 | 192.168.1.16 | 91.109.180.3 |
Jan 22, 2018 16:20:42.546782970 MEZ | 1177 | 49205 | 91.109.180.3 | 192.168.1.16 |
Jan 22, 2018 16:20:42.547107935 MEZ | 49205 | 1177 | 192.168.1.16 | 91.109.180.3 |
Jan 22, 2018 16:20:42.547122955 MEZ | 1177 | 49205 | 91.109.180.3 | 192.168.1.16 |
Jan 22, 2018 16:20:43.885477066 MEZ | 1177 | 49205 | 91.109.180.3 | 192.168.1.16 |
Jan 22, 2018 16:20:43.885667086 MEZ | 49205 | 1177 | 192.168.1.16 | 91.109.180.3 |
Jan 22, 2018 16:20:45.881244898 MEZ | 49205 | 1177 | 192.168.1.16 | 91.109.180.3 |
Jan 22, 2018 16:20:45.881288052 MEZ | 1177 | 49205 | 91.109.180.3 | 192.168.1.16 |
Jan 22, 2018 16:20:45.888643980 MEZ | 56190 | 53 | 192.168.1.16 | 8.8.8.8 |
Jan 22, 2018 16:20:46.596225023 MEZ | 53 | 56190 | 8.8.8.8 | 192.168.1.16 |
Jan 22, 2018 16:20:46.597868919 MEZ | 49206 | 1177 | 192.168.1.16 | 91.109.180.3 |
Jan 22, 2018 16:20:46.597930908 MEZ | 1177 | 49206 | 91.109.180.3 | 192.168.1.16 |
Jan 22, 2018 16:20:46.598041058 MEZ | 49206 | 1177 | 192.168.1.16 | 91.109.180.3 |
Jan 22, 2018 16:20:46.608963966 MEZ | 49206 | 1177 | 192.168.1.16 | 91.109.180.3 |
Jan 22, 2018 16:20:46.609009027 MEZ | 1177 | 49206 | 91.109.180.3 | 192.168.1.16 |
Jan 22, 2018 16:20:46.609370947 MEZ | 49206 | 1177 | 192.168.1.16 | 91.109.180.3 |
Jan 22, 2018 16:20:46.609389067 MEZ | 1177 | 49206 | 91.109.180.3 | 192.168.1.16 |
Jan 22, 2018 16:20:48.156738997 MEZ | 1177 | 49206 | 91.109.180.3 | 192.168.1.16 |
Jan 22, 2018 16:20:48.156919956 MEZ | 49206 | 1177 | 192.168.1.16 | 91.109.180.3 |
Jan 22, 2018 16:20:50.154556036 MEZ | 49206 | 1177 | 192.168.1.16 | 91.109.180.3 |
Jan 22, 2018 16:20:50.154582977 MEZ | 1177 | 49206 | 91.109.180.3 | 192.168.1.16 |
Jan 22, 2018 16:20:50.183756113 MEZ | 61407 | 53 | 192.168.1.16 | 8.8.8.8 |
Jan 22, 2018 16:20:51.178338051 MEZ | 61407 | 53 | 192.168.1.16 | 8.8.8.8 |
Jan 22, 2018 16:20:51.345077038 MEZ | 53 | 61407 | 8.8.8.8 | 192.168.1.16 |
Jan 22, 2018 16:20:51.346909046 MEZ | 49207 | 1177 | 192.168.1.16 | 91.109.180.3 |
Jan 22, 2018 16:20:51.346947908 MEZ | 1177 | 49207 | 91.109.180.3 | 192.168.1.16 |
Jan 22, 2018 16:20:51.347115993 MEZ | 49207 | 1177 | 192.168.1.16 | 91.109.180.3 |
Jan 22, 2018 16:20:51.360821009 MEZ | 49207 | 1177 | 192.168.1.16 | 91.109.180.3 |
Jan 22, 2018 16:20:51.360846043 MEZ | 1177 | 49207 | 91.109.180.3 | 192.168.1.16 |
Jan 22, 2018 16:20:51.362061977 MEZ | 49207 | 1177 | 192.168.1.16 | 91.109.180.3 |
Jan 22, 2018 16:20:51.362077951 MEZ | 1177 | 49207 | 91.109.180.3 | 192.168.1.16 |
Jan 22, 2018 16:20:51.862507105 MEZ | 53 | 61407 | 8.8.8.8 | 192.168.1.16 |
Jan 22, 2018 16:20:53.487540960 MEZ | 1177 | 49207 | 91.109.180.3 | 192.168.1.16 |
Jan 22, 2018 16:20:53.487728119 MEZ | 49207 | 1177 | 192.168.1.16 | 91.109.180.3 |
Jan 22, 2018 16:20:55.474450111 MEZ | 49207 | 1177 | 192.168.1.16 | 91.109.180.3 |
Jan 22, 2018 16:20:55.474486113 MEZ | 1177 | 49207 | 91.109.180.3 | 192.168.1.16 |
Jan 22, 2018 16:20:55.482316971 MEZ | 58098 | 53 | 192.168.1.16 | 8.8.8.8 |
Jan 22, 2018 16:20:56.415262938 MEZ | 53 | 58098 | 8.8.8.8 | 192.168.1.16 |
Jan 22, 2018 16:20:56.417279959 MEZ | 49208 | 1177 | 192.168.1.16 | 91.109.180.3 |
Jan 22, 2018 16:20:56.417373896 MEZ | 1177 | 49208 | 91.109.180.3 | 192.168.1.16 |
Jan 22, 2018 16:20:56.417515039 MEZ | 49208 | 1177 | 192.168.1.16 | 91.109.180.3 |
Jan 22, 2018 16:20:56.431936026 MEZ | 49208 | 1177 | 192.168.1.16 | 91.109.180.3 |
Jan 22, 2018 16:20:56.431973934 MEZ | 1177 | 49208 | 91.109.180.3 | 192.168.1.16 |
Jan 22, 2018 16:20:56.432279110 MEZ | 49208 | 1177 | 192.168.1.16 | 91.109.180.3 |
UDP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
DNS Queries |
---|
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
DNS Answers |
---|
Timestamp | Source IP | Dest IP | Trans ID | Replay Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
Code Manipulations |
---|
Statistics |
---|
CPU Usage |
---|
Memory Usage |
---|
High Level Behavior Distribution |
---|
Behavior |
---|
System Behavior |
---|
General |
---|
Start time: | 16:19:20 |
Start date: | 22/01/2018 |
Path: | C:\Users\user\Desktop\Xtaqxu6frQ.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x77390000 |
File size: | 1571773 bytes |
MD5 hash: | 8667949F8FD4CE4DA0424AF4208104E3 |
Programmed in: | C, C++ or other language |
Reputation: | low |
General |
---|
Start time: | 16:19:21 |
Start date: | 22/01/2018 |
Path: | C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x752f0000 |
File size: | 1544928 bytes |
MD5 hash: | 513659580A49DF6A85CDFD869895924A |
Programmed in: | C, C++ or other language |
Reputation: | low |
General |
---|
Start time: | 16:19:21 |
Start date: | 22/01/2018 |
Path: | C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x77390000 |
File size: | 1544928 bytes |
MD5 hash: | 513659580A49DF6A85CDFD869895924A |
Programmed in: | C, C++ or other language |
Reputation: | low |
General |
---|
Start time: | 16:19:21 |
Start date: | 22/01/2018 |
Path: | C:\Users\user\Desktop\fero.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x77390000 |
File size: | 41984 bytes |
MD5 hash: | 7B21E7A626736B1BE83D83C89354CD9F |
Programmed in: | .Net C# or VB.NET |
Reputation: | low |
General |
---|
Start time: | 16:19:21 |
Start date: | 22/01/2018 |
Path: | C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x77390000 |
File size: | 1544928 bytes |
MD5 hash: | 513659580A49DF6A85CDFD869895924A |
Programmed in: | C, C++ or other language |
Reputation: | low |
General |
---|
Start time: | 16:19:21 |
Start date: | 22/01/2018 |
Path: | C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x6a320000 |
File size: | 1544928 bytes |
MD5 hash: | 513659580A49DF6A85CDFD869895924A |
Programmed in: | C, C++ or other language |
Reputation: | low |
General |
---|
Start time: | 16:19:33 |
Start date: | 22/01/2018 |
Path: | C:\Users\user\AppData\Local\Temp\chrome64x.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x77390000 |
File size: | 41984 bytes |
MD5 hash: | 7B21E7A626736B1BE83D83C89354CD9F |
Programmed in: | .Net C# or VB.NET |
Reputation: | low |
General |
---|
Start time: | 16:19:40 |
Start date: | 22/01/2018 |
Path: | C:\Windows\System32\netsh.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x77390000 |
File size: | 96256 bytes |
MD5 hash: | 784A50A6A09C25F011C3143DDD68E729 |
Programmed in: | C, C++ or other language |
Reputation: | low |
General |
---|
Start time: | 16:19:41 |
Start date: | 22/01/2018 |
Path: | C:\Windows\explorer.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x77390000 |
File size: | 2972672 bytes |
MD5 hash: | 6DDCA324434FFA506CF7DC4E51DB7935 |
Programmed in: | C, C++ or other language |
Reputation: | low |
General |
---|
Start time: | 16:19:41 |
Start date: | 22/01/2018 |
Path: | C:\Windows\explorer.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x77390000 |
File size: | 2972672 bytes |
MD5 hash: | 6DDCA324434FFA506CF7DC4E51DB7935 |
Programmed in: | C, C++ or other language |
Reputation: | low |
General |
---|
Start time: | 16:19:42 |
Start date: | 22/01/2018 |
Path: | C:\Windows\explorer.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x75440000 |
File size: | 2972672 bytes |
MD5 hash: | 6DDCA324434FFA506CF7DC4E51DB7935 |
Programmed in: | C, C++ or other language |
Reputation: | low |
General |
---|
Start time: | 16:19:42 |
Start date: | 22/01/2018 |
Path: | C:\Windows\explorer.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x77390000 |
File size: | 2972672 bytes |
MD5 hash: | 6DDCA324434FFA506CF7DC4E51DB7935 |
Programmed in: | C, C++ or other language |
Reputation: | low |
General |
---|
Start time: | 16:19:42 |
Start date: | 22/01/2018 |
Path: | C:\Windows\explorer.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x74220000 |
File size: | 2972672 bytes |
MD5 hash: | 6DDCA324434FFA506CF7DC4E51DB7935 |
Programmed in: | C, C++ or other language |
Reputation: | low |
General |
---|
Start time: | 16:19:43 |
Start date: | 22/01/2018 |
Path: | C:\Users\user\AppData\Local\Temp\chrome64x.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x76fc0000 |
File size: | 41984 bytes |
MD5 hash: | 7B21E7A626736B1BE83D83C89354CD9F |
Programmed in: | .Net C# or VB.NET |
Reputation: | low |
General |
---|
Start time: | 16:19:43 |
Start date: | 22/01/2018 |
Path: | C:\Windows\explorer.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x77390000 |
File size: | 2972672 bytes |
MD5 hash: | 6DDCA324434FFA506CF7DC4E51DB7935 |
Programmed in: | C, C++ or other language |
Reputation: | low |
General |
---|
Start time: | 16:19:43 |
Start date: | 22/01/2018 |
Path: | C:\Users\user\AppData\Local\Temp\chrome64x.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x77390000 |
File size: | 41984 bytes |
MD5 hash: | 7B21E7A626736B1BE83D83C89354CD9F |
Programmed in: | .Net C# or VB.NET |
Reputation: | low |
Disassembly |
---|
Code Analysis |
---|
Execution Graph |
---|
Execution Coverage: | 7.9% |
Dynamic/Decrypted Code Coverage: | 0% |
Signature Coverage: | 3.2% |
Total number of Nodes: | 2000 |
Total number of Limit Nodes: | 29 |
Executed Functions |
---|
Non-executed Functions |
---|
APIs |
Strings |
Memory Dump Source |
Joe Sandbox IDA Plugin |
Execution Graph |
---|
Execution Coverage: | 15.4% |
Dynamic/Decrypted Code Coverage: | 0% |
Signature Coverage: | 100% |
Total number of Nodes: | 11 |
Total number of Limit Nodes: | 0 |
Graph
Callgraph |
---|
Executed Functions |
---|
Control-flow Graph |
---|
APIs |
Strings |
Memory Dump Source |
Joe Sandbox IDA Plugin |
Non-executed Functions |
---|
Execution Graph |
---|
Execution Coverage: | 16.5% |
Dynamic/Decrypted Code Coverage: | 0% |
Signature Coverage: | 100% |
Total number of Nodes: | 12 |
Total number of Limit Nodes: | 0 |
Graph
Callgraph |
---|
Executed Functions |
---|
Control-flow Graph |
---|
APIs |
Strings |
Memory Dump Source |
Joe Sandbox IDA Plugin |
Non-executed Functions |
---|